Exam CISSP topic 1 question 139 discussion

Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. - Source (Wiki)

Threat modeling is a proactive method of uncovering threats not usually considered or found through code reviews and other types of audits - Techtarget

potential vulnerabilities = Threat modeling

Taking my words back. From the OSG about the SAMM Model - Design The process used by the organization to define software requirements and create software. This function includes practices for threat modeling, threat assessment, security requirements, and security architecture. So, B is probably correct.

As for me, the designer has nothing to do with threat modeling and pentesting.

The keyword is the designer, indicating that it is in the design phase

The correct answer is B. Threat modeling is a testing technique that enables the designer to develop mitigation strategies for potential vulnerabilities in software. It involves identifying potential threats and vulnerabilities in a software system and then developing and implementing strategies to mitigate those threats and vulnerabilities. This process can help to ensure that a software system is secure and can help to prevent security breaches and other types of cyber attacks. The other options listed are also testing techniques that can be used to identify potential vulnerabilities in software, but they do not directly enable the designer to develop mitigation strategies for those vulnerabilities.

It's A. Is source code review a testing technique? - Yes Is it enables the designer to develop mitigation strategies for potential vulnerabilities? - Yes Threat modeling is testing technique ? - No Pentest allow to remidiate vulns that was fount and not potential. Clearly answer is A.

"What testing technique..." Threat modeling is testing technique ?

threat modeling also implements test during the development phase