Scalable threat modeling

Security vulnerabilities result from interactions between thousands of well-intentioned decisions. What systems or libraries do we use? Should I click yes or no on this authorization prompt? Should we make this system more simple or more safe? Only in the aftermath of security incidents do the regrettable decisions become clear.

Security experts are predictors. They are trained to understand how the conditions caused by technical decisions create risk, and can steer the ship toward calmer waters. Bad decisions made without security expertise tend to propagate and amplify before they can…