IriusRisk Community Edition offers free threat knowledge base for developers
IriusRisk has expanded the free Community Edition of its platform to include its entire threat and countermeasure knowledge base. Engineering teams using the Community Edition will now be able to factor its comprehensive security standards and compliance libraries into their threat models, at no cost.
The process of threat modeling enables software engineers to identify potential threats in a product and plan effective countermeasures in their software at the beginning of design. This ensures that software isn’t launched with high-risk design flaws that would need to be fixed in post-production or that potentially may not be identified at all through application security scanning, leaving software vulnerable.
IriusRisk has one of the largest threat modeling knowledge bases including 380 unique threats and 1672 detailed countermeasures – which are now available to its Community Edition users. This includes threat libraries for AWS, Azure, Google Cloud Platform, Microservices, IoT devices and services and many more.
The rich dataset also includes weaknesses (linked to CWE), and countermeasures, which are often linked to relevant security standards such as CIS Benchmarks, OWASP, EU GDPR, PCI-DSS and more.
Stephen de Vries, CEO of IriusRisk, said: “It is imperative that all software development teams, regardless of the size of their organization, should be undertaking threat modeling to build security into their software. While IriusRisk is pioneering the automation of threat modeling for mature enterprises, our mission and priority is to make threat modeling a mainstream practice that is accessible to everyone.
“The Community Edition of our platform is about sharing best practice and tools with the wider developer ecosystem, to make a significant contribution to securing software before it is released into the market. We hope that opening up our knowledge base for the first time will help engineers to embrace secure design principles and make it easy for them to adopt threat modeling as a standard practice in their development workflows.”
The IriusRisk Community Edition allows developers to:
- Create a threat model by drawing a data flow diagram using pre-defined components using the well known draw.io (diagrams.net) diagramming interface.
- View an automatically generated list of threats and countermeasures based on their design.
- Take actions on each threat including evaluating the detailed countermeasures suggested by IriusRisk.
- Add new threats, weaknesses and countermeasures to the generated model.
- Export the threat model as a document and run technical as well as compliance reports.