Wednesday, 29 March 2006 4:23 PM
Rocky
Redmond Recap
Well, I'm back from Redmond, and I have to say it was great meeting the ACE Team and getting to share ideas with them on the TAM threat modeling tool. We cleared up a few misconceptions for each other and laid the groundwork for some really great features in release 3.
One of the big features that will be coming along is the Threat Model Repository. This is where you'll really start seeing advantages for future projects. By having the threat models stored in a repository, you will be able to see trends in your application development problem areas. For example, if you are consistently seeing the same threats popping up again and again, you obviously need to evaluate why this is happening and perhaps implement a training strategy to avoid it.
Another huge advantage of the Threat Model Repository is that consumers of your components can access your threat model and incorporate it into their own threat modeling activities. This allows them to see what kind of threats they may be introducing into their project by using your components. Additionally, it gives them a very clear picture of their Threat Exposure and attack surface.
Another hot topic was the Attack Libraries. These are the gold nuggets that help identify the mitigations you need to have in place for your software. One of the ideas that kept coming up was having an attack library subscription made available. The cost, if any, of this is still being worked out by the group at Microsoft, but from what I heard on the Security Seminar tour, it would be welcomed with open arms.
I'm back on the ground now so there will be a lot more regular posts from me here on TTB. Stay Tuned!