1. Introduction
2. Who does threat modeling
3. Why not threat modeling
4. AppSec 6 study
5. DevOps
6. Threat Modeling
7. The Easy Stuff
8. Conscious Compromise
9. Template
10. OSVS
11. Risk Rating
12. Problems
13. Components
14. Users Perspective
15. Threat Models
16. Countermeasures
17. Authentication
18. Generic Patterns
19. SSH Service
20. Building a Library
21. Inheritance System
22. Two Problems
23. Solutions
24. Rules Engine
25. Shortcut
26. Advantages
27. SD Elements
Description:
Explore threat modeling with architectural risk patterns in this AppSecUSA 2016 conference talk. Learn about a software-centric approach that uses risk patterns to increase efficiency and consistency in threat modeling. Discover how this method can be implemented through tooling to automatically generate threat models based on architectural decisions. Understand the application of object-oriented software design principles like inheritance and method overloading to maintain and extend pattern contents. Gain insights into extracting expertise from software security experts for reusable threat modeling knowledge within organizations. The talk covers topics such as the challenges of manual threat modeling, scaling the process in enterprise environments, and addressing the lack of security skills in smaller companies. Delve into incremental improvements in risk pattern usage, from simple checklists to flexible rules engines, and learn how this approach can support security in the software development lifecycle.

Threat Modeling With Architectural Risk Patterns

OWASP Foundation