Free Microsoft Threat Modeling Tool 2014


Microsoft continues to enrich its tools base with the new Microsoft Threat Modeling Tool 2014. This newly renamed free-to-download product is actually the artist formerly known as the Security Development Lifecycle Threat Modeling Tool, originally released in 2011.

Leading the product team blogging for this development is Microsoft's Tim Rains, who says that an increasing number of developers have been using threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating.

Microsoft also points out that threat modeling (as an addition to risk management) is used to help "identify mitigations" that can reduce the overall risk to a system and the data it processes.

New features in the product include a drawing surface, i.e., a user interface with easier navigation capabilities for building threat models. Developers can also define their own threats for their specific domain by extending the STRIDE baseline definitions in the tool, to get the best possible picture of their threat landscape.

In terms of migration for version 3.1.8, developers can migrate preexisting threat models or security systems created with the v3 version of the tool to the new format.

According to Microsoft, "The newest version uses STRIDE categories (instead of STRIDE per element) to generate threats based on the interaction between elements, taking element type and the data flow styles which connect those elements into consideration."
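To make the per-interaction idea and the custom-threat extension described above concrete, here is an added Python sketch (not Microsoft's code and not the tool's rule format). The `Flow` and `Rule` types, the rule wording, the flow style names and the sample diagram are all hypothetical, and the baseline covers only some STRIDE categories.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Flow:
    """One interaction in a data flow diagram (all field values are constructed)."""
    source: str
    source_type: str   # "external", "process" or "datastore"
    target: str
    target_type: str
    style: str         # data flow style, e.g. "http", "https", "sql"

@dataclass(frozen=True)
class Rule:
    category: str                     # a STRIDE category name
    text: str                         # threat wording, formatted per interaction
    applies: Callable[[Flow], bool]   # looks at element types and flow style

# Hypothetical baseline rules; the tool's real definitions are not reproduced here.
BASELINE = [
    Rule("Spoofing", "{s} may be impersonated when calling {t}",
         lambda f: f.source_type == "external"),
    Rule("Tampering", "Data sent from {s} to {t} may be altered in transit",
         lambda f: f.style == "http"),
    Rule("Repudiation", "{s} may deny writing to {t} if writes are not logged",
         lambda f: f.target_type == "datastore"),
    Rule("Information Disclosure", "Data sent from {s} to {t} may be read in transit",
         lambda f: f.style == "http"),
    Rule("Elevation of Privilege", "Input from {s} may make {t} act beyond its rights",
         lambda f: f.source_type == "external" and f.target_type == "process"),
]
# A domain-specific threat added on top of the baseline (hypothetical).
CUSTOM = [
    Rule("Information Disclosure", "Card numbers from {s} may be stored unmasked in {t}",
         lambda f: f.style == "sql" and f.target_type == "datastore"),
]

def generate(flows, rules):
    """Return (interaction, category, threat) for each rule that matches a flow."""
    return [(f"{f.source}->{f.target}", r.category, r.text.format(s=f.source, t=f.target))
            for f in flows for r in rules if r.applies(f)]

def categories(flow, rules):
    """STRIDE categories raised for a single interaction."""
    return sorted({category for _, category, _ in generate([flow], rules)})

# Constructed sample diagram: the same endpoints over two different flow styles.
PLAIN = Flow("Browser", "external", "WebApp", "process", "http")
TLS = Flow("Browser", "external", "WebApp", "process", "https")
STORE = Flow("WebApp", "process", "OrdersDB", "datastore", "sql")

if __name__ == "__main__":
    for row in generate([PLAIN, TLS, STORE], BASELINE + CUSTOM):
        print(*row, sep=" | ")
```

The same Browser-to-WebApp interaction yields different threats depending on the flow style, which a per-element list keyed only on element type cannot express.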

