Threat modeling in Dutch organizations

Many products consist largely of software. Think, for example, of your smartphone, your robot vacuum cleaner, banking applications and password managers. These can be hacked and and used with malicious intent. For this reason it is important to think about potential threats and how best to counter them during a product’s development. One technique that makes this possible is threat modeling. This is an integrated manner of looking at a system to prevent hackers from getting in. A report written by researchers from KU Leuven for the NCSC examines how large Dutch organisations from critical sectors apply threat modeling in practice during software development processes. The report also draws some tentative lessons from what those organisations say is proving to be useful.