Threat Modeling has largely been done "system-wide". But with modern Agile and DevOps environments, systems are constantly undergoing changes, where a "point-in-time" threat model will be rendered obsolete. Yet, threat modeling is more important than ever before, especially in the age of continuous security.
This talk explores a relatively new approach to threat modeling. The concept is based on modeling stores (as in user stories or feature stories) to arrive at scalable threat models that are granular, iteration-friendly. In addition, you look at codifying and reusing these Threat Models as "components" making them highly scalable for iterative and continuously delivered applications