I have been involved with developing threat models for several software products and features, and I'd like to formalize this process a little bit and create some documentation for my company's devs. Can you guys recommend a good book that describes all the essential components of building a good threat model?

I've skimmed Window Snyder's book, but didn't find it particularly engaging. I wouldn't expect this to be a 300-page topic, but maybe I'm wrong.

bsterne

2 Answers

The Art of Software Security Assessment gives a nod to UML class diagrams as a design generalization assessment approach.

One of the most interesting techniques on this (that Cigital adopted for their "threat-modeling" approach) is from a book called "Applying UML and Patterns", where it covers Architectural Risk Analysis.

Rohit Sethi also started a project for OWASP called "Securing the Core JEE Patterns". It's only a short paper, but definitely the coolest thing I've ever seen in the threat-modeling world.

atdre

I suggest reading about DREAD and STRIDE. I also recommend Chapter 4 of Writing Secure Code.

However, don't get your hopes up too much. Architectural risk analysis (what Microsoft calls "threat modeling") is inherently an ad-hoc art. It requires deep domain knowledge about the system being modelled; and some knowledge of security concepts and experience with this sort of security analysis helps, too.

D.W.