Merge pull request #2786 from OpenSecuritySummit/Alone2671-patch-1006

Create How-to-perform-threat-assessments-the-right-way.md

content/sessions/2024/mini-summits/Jan/Threat Modeling/How-to-perform-threat-assessments-the-right-way.md

@@ -0,0 +1,27 @@
+---
+title        : "How to perform threat assessments, the right way!"
+track        : Threat Modeling
+project      : Threat Modeling
+topics       :
+featured     :
+event        : mini-summit
+when_year    : 2024
+when_month   : Jan
+when_day     : Mon
+when_time    : WS-18-19
+hey_summit   : 
+banner       : 
+session_slack:
+#status      : 
+description  :
+organizers   :
+    - Saber Ferjani   
+youtube_link : 
+zoom_link    : 
+---
+
+## About the session:
+Threat actors continue to bypass all kind of defensive and detective measures. Nevertheless, prevention remains the most cost-effective method to keep threats away. In particular, most organizations still prefer to invest in a variety of less effective tools. The question is: Are you relying on the right metric, to assess the security posture of your service? If standard metrics such as CVSS is not accurate enough, then what kind of metric should you consider for vulnerabilities without CVE, such as those related to your own business logic? Let's dive deep into most common mistakes by software architects and security professionals alike, and how to optimize the time spent on developing secure products to get the best out of your entire team.
+
+### Publication:
+https://www.youtube.com/watch?v=HoJJ37bneJs (Lisbon, Portugal - March 2022)