JavaLand 2025
Using gamification and storytelling in threat modelling for secure application
In order for security requirements to be considered systematically, the security experts must understand which technical assets are worth protecting and the development team must understand the technical security language in order to find countermeasures together. It is insufficient if only security experts and architects dictate requirements and specify solutions. The development team and stakeholders such as data protection or the specialist side can also make valuable contributions to the collaborative creation of a security concept.