Abstract: An threats and countermeasures schema that can incorporate expertise into an application engineering activity is provided. For example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures based upon an application type, user objective, etc. The novel threats and countermeasures schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g. threat modeling). For example, the schema can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of novel countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema based upon the determined application type.

Abstract: A novel approach to security engineering that leverages expertise to enable a user to design, build and deploy secure applications is disclosed. In doing so, the innovation discloses novel techniques and mechanisms that integrate security into the application development lifecycle and to adapt current software engineering practices and methodologies to include specific security related activities. These activities include identifying security objectives, creating threat models, applying secure design guidelines, patterns and principles, conducting security design inspections, performing regular code inspections, testing for security, and conducting deployment inspections to ensure secure configuration.

Abstract: An information model (e.g., schema) that can incorporate expertise into an application engineering activity—for example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures. The novel schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g., threat modeling, performance modeling). For example, the framework can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema or information model.

Abstract: A security engineering system and methodology associated with the application life cycle is provided. The subject innovation provides a threat modeling system can be employed to identify threats and vulnerabilities associated with stages of the application life cycle. In accordance therewith, the novel innovation can facilitate identification of common issues that can arise during a threat modeling activity. The innovation can provide for a systematic mechanism to identify threats and/or vulnerabilities in accordance with the application life cycle.