Blockchain/ Distributed Ledger

  • 1.  Threat Modelling and Lifecycle discussion

    Posted Oct 26, 2020 09:31:00 PM
    Edited by Kurt Seifried Nov 24, 2021 11:22:14 AM
    So as part of my Threat Modelling work I've been looking at the Lifecycle of software/projects/etc. (e.g. Systems development life cycle). I think for Blockchain and DLT projects in general a good high-level set of phases is:

    1. Business case / analysis
    2. Architecture / Design (tokens, smart contracts, governance, consensus, etc.)
    3. Development
    4. Deployment
    5. Operations/Maintenance
    6. Decommissioning/Abandonment (end of life)

    Thoughts/comments on this? Is anything major missing?

    Edit: added Maintenance to operations to be explicit
    ------------------------------
    Kurt Seifried
    Chief Blockchain Officer and Director of Special Projects
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Threat Modelling and Lifecycle discussion

    Posted Nov 12, 2021 09:46:00 AM
    Kurt

    First, thank you for posting this.  It was extremely helpful to me in another project I am working.  

    That said, I would make one minor change.  I would change phase 5 to "Operations/Maintenance".  What I have seen is too many designers forget that the product inherits a great deal of risk as the business works to make modifications to the original concept or to extend the life of the product beyond what was originally conceived.  As I suspect you know, patching (done or not done) is a key threat vector.

    George

    ------------------------------
    George Sconyers
    ------------------------------



  • 3.  RE: Threat Modelling and Lifecycle discussion

    Posted Nov 24, 2021 11:22:00 AM
    Ah yeah, I just implicitly assume "maintenance" is part of operations (otherwise you won't get to operate it for very long before it breaks =). But making it explicit is not a bad idea.

    ------------------------------
    Kurt Seifried
    Chief Blockchain Officer and Director of Special Projects
    Cloud Security Alliance
    ------------------------------