Nice summary - and thank you for bringing out the reasons to do what you can up front, and to keep on doing it until the team/company/lawyers are happy with the risk posture :)
Way back in 2019 (feels like a different world now!) I did a talk on threat modelling for my local OWASP chapter which is preserved for posterity here - if anyone really want to know what I sound like, have 30mins (ish) spare and are interested: ashbysoft.com/posts/owasp-threat-m...
Nice summary - and thank you for bringing out the reasons to do what you can up front, and to keep on doing it until the team/company/lawyers are happy with the risk posture :)
Way back in 2019 (feels like a different world now!) I did a talk on threat modelling for my local OWASP chapter which is preserved for posterity here - if anyone really want to know what I sound like, have 30mins (ish) spare and are interested: ashbysoft.com/posts/owasp-threat-m...
Thank you! That sounds interesting, I will look into it!