Open Source Summit + ELC North America 2019

Evaluating security risks and conducting threat modeling are challenging for open source project contributors and adopters. There are rarely enough people, or people with experience, to tackle these tasks properly. In this session, come learn about a practical, agile approach to threat modeling with STRIDE model for open source projects, using EdgeX Foundry as an example, regardless whether you are going to contribute to an open source project or are going to evaluate and include some open source libraries into your next project. We will share our experience on security threat modeling and risk assessment during the development of EdgeX Foundry - a vendor-neutral, open source, hardware and OS agnostic Linux Foundation project to create a common open platform for IoT edge computing systems. After the presentation the audience will be familiar with general steps of threat modeling and how to apply them on their next project.