Threat Modeling Misconceptions: The Ants and the Grasshopper
Ants, a grasshopper, and threat modeling.
Now, we know what you’re thinking: what in the world has a grasshopper and a colony of ants got to do with threat modeling?
It’s a good question; ordinarily, having ants interfering with developing any software solution would, quite frankly, be a terrible idea. A grasshopper wouldn’t be much help, either.
But this is a fable, one of Aesop’s famous stories with a moral attached. And in this case, the moral of the story is relevant to threat modeling.
You see, whether you’re part of a security team, a lead developer, or your organization’s security champion, you really should work together, like the ants, to make your threat modeling effective all the time. You don’t just do this once; you do it constantly, so you’re always prepared and protected.
Aesop told how the ants had toiled throughout the year to build up their food reserves. They did this every day so that they still had plenty to eat when the cold weather arrived.
One day, while they were enjoying the fruits of their toils, a grasshopper appeared, begging the ants for some food. As it happens, he hadn’t bothered working every day to store up his own supplies and was now going hungry. He’d been too busy playing music and having a good time.
The fable turns slightly dark because the ants decide not to help the starving grasshopper. But it illustrates starkly why the moral of this story is so relatable: hard work and planning win the day.
The biggest threat modeling mistake.
So, now you understand this is not just some oddball examination of a children’s story. Well, it might still be, but it is also more than that: it’s an excellent way to highlight one of the biggest mistakes we see teams make as they assess possible cyber threats and other risks to their software project.
These teams look at security once, at the outset of the process, and then consider their threat modeling complete. They are the unfortunate grasshoppers in this story. The teams who get threat modeling right, by contrast, make it a constant endeavour, from the first ideation to design and manufacture, all the way through to maintenance and post-market upgrades.
Happy and successful threat modeling does not involve the arduous manual work of collecting grain all year and storing it somewhere safe for a rainy day. You can make it all so much easier.
Step forward, IriusRisk, the threat modeling platform that constantly evaluates the threats to your software development projects.
It’s a tried-and-tested platform that’s so thorough even manufacturers of medical devices use it.
IriusRisk guides teams to consider cyber security at every turn. It enables organizations to scale up development without compromising on security. It encourages teams to work together toward a common goal.
Just like the ants.
Don't be a grasshopper.
Using IriusRisk means you’ll build great things. Taking the easy way out and assuming you need only look at risk at the beginning is a recipe for disaster. The once-happy grasshopper found that out to his cost.
You can learn from his mistakes. Developing new software is stressful enough without having to worry about security. And, at a time when you must justify every dollar spent to your bosses, there’s more good news.
Get your hands on IriusRisk for free. Apply your threat models (we call them projects) and see how our platform identifies risk and supports your organization’s compliance and regulatory frameworks.
Try out IriusRisk Community Edition.