Implement Threat Model Results

How to operationalize threat model outputs

At the last step, you can operationalize the threat model outputs. At this step, you can review security requirements, actions, tests, and other tasks that were deemed relevant as a result of the threat modeling.

We group these downstream activities into four groups:

Mitigation Actions: These are tasks that need to be performed by security or engineering teams. You can directly push these tasks to your issue tracking platform.
Automated Tests: These are tests that DevArmor can automatically run in GitHub. They act as policies that apply to code review performed by DevArmor.
Maual Tests: These items are tests that cannot be run automatically and need to be run manually by users.
Penetration Tests: These are penetration test scopes that can be pushed to bug bounty programs or penetration testing consultants.

PreviousReview Threat Model Output NextDesign Reviewer

Last updated 6 months ago

Was this helpful?