Lessons Learned from Five Years of Building More Secure Software
The software industry, or more accurately the software quality industry, is fixated on getting the code right. I really don't have a problem with that, but many security vulnerabilities are not coding issues at all. Many are design issues. If you focus solely on finding security issues in the code, you'll miss an entire class of vulnerabilities.
This is one of the reasons Microsoft mandates threat modeling and attack surface analysis as part of the Security Development Lifecycle (SDL) process. Threat modeling is an analysis technique that helps identify and mitigate design weaknesses in a product, before any of the code that implements the design is reviewed.
Attack surface analysis focuses on which portions of a software product are exposed to untrusted users, be they local or remote. A product with a large attack surface has more code exposed to untrusted users than a product with a small attack surface.
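One concrete way to start an attack surface inventory is to enumerate which services a host exposes and whether each is reachable only by local users or also from the network. The script below is an added illustration, not code from the article or from Microsoft's SDL; it parses a constructed sample in the style of `ss -tlnp` output (the host names, PIDs and ports are made up) and classifies each listening socket by its bind address. Loopback binds count as local attack surface, while wildcard or interface binds are remote attack surface.

```python
"""Attack surface inventory: classify listening sockets by exposure.

Added example. SAMPLE_SS_OUTPUT is constructed text in the shape of
`ss -tlnp` output; the processes, PIDs and addresses are hypothetical.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=812,fd=6))
LISTEN  0       4096    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=601,fd=3))
LISTEN  0       511     *:80                 *:*                users:(("nginx",pid=920,fd=5))
LISTEN  0       128     [::1]:6379           [::]:*             users:(("redis-server",pid=733,fd=7))
LISTEN  0       4096    [::]:8080            [::]:*             users:(("java",pid=1044,fd=12))
LISTEN  0       128     10.0.0.5:3306        0.0.0.0:*          users:(("mysqld",pid=850,fd=21))
"""


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str
    exposure: str  # "local": loopback only; "remote": reachable off-host


# One LISTEN row: state, recv-q, send-q, local addr:port, peer addr:port, rest.
_LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+)\s+\S+\s*(.*)$')
# First process name inside users:(("name",pid=...,fd=...))
_PROC_RE = re.compile(r'\(\("([^"]+)"')


def _split_addr_port(field):
    """Split 'host:port', '[v6]:port' or '*:port' into (host, port)."""
    host, _, port = field.rpartition(':')
    return host.strip('[]'), int(port)


def classify_bind_address(host):
    """Loopback binds are local-only surface; everything else is network-reachable."""
    if host in ('*', ''):
        return 'remote'
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return 'remote'  # unparseable: assume the worse case
    # Unspecified (0.0.0.0 / ::) and specific interface addresses are both remote.
    return 'local' if ip.is_loopback else 'remote'


def parse_listeners(text):
    """Parse ss-style output into Listener records, skipping non-LISTEN lines."""
    listeners = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        host, port = _split_addr_port(m.group(1))
        pm = _PROC_RE.search(m.group(2))
        process = pm.group(1) if pm else 'unknown'
        listeners.append(Listener(host, port, process, classify_bind_address(host)))
    return listeners


def attack_surface_report(listeners):
    """Summarise which ports and processes are exposed to remote vs. local users."""
    remote = [l for l in listeners if l.exposure == 'remote']
    local = [l for l in listeners if l.exposure == 'local']
    return {
        'remote_ports': sorted({l.port for l in remote}),
        'remote_processes': sorted({l.process for l in remote}),
        'local_only_ports': sorted({l.port for l in local}),
    }


if __name__ == '__main__':
    report = attack_surface_report(parse_listeners(SAMPLE_SS_OUTPUT))
    for key, value in report.items():
        print(f'{key}: {value}')
```

Every entry in `remote_ports` is code that untrusted remote users can reach and therefore a candidate for removal, authentication or firewalling; the `local_only_ports` list is still attack surface, but only for users who already have a foothold on the host. Re-running the inventory after each release is a cheap way to notice when a change silently widens the exposed surface.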