The next step after threat modeling is reduction analysis. Reduction analysis is also known as decomposing the environment.
The purpose of this task is to gain a greater understanding of the logic of the product, its internal interactions with external elements.
Which of the following are key components to identify when performing de Each correct answer represents a complete solution. Choose all that apply.
A. Open vs. closed source code use
B. Input points
C. Privileged operations
D. Details about security stance and approach
E. Patch or update versions
F. Trust boundaries
G. Dataflow paths