Microsoft continues to enrich its tools base with the new Microsoft Threat Modeling Tool 2014. This newly renamed free-to-download product is actually the artist formerly known as the Security Development Lifecycle Threat Modeling Tool, originally released in 2011.
Leading the product team's blogging on this release is Microsoft's Tim Rains, who says that an increasing number of developers have been using threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating.
Microsoft also points out that threat modeling (as an addition to risk management) is used to help "identify mitigations" that can reduce the overall risk to a system and the data it processes.
New features in the product include a drawing surface; i.e., a user interface with easier navigation capabilities for building threat models. Developers can also define their own threats related to their specific domain by extending the STRIDE baseline definitions in the tool, to get the best possible picture of their threat landscape.
Regarding version 3.1.8, developers can migrate preexisting threat models or security systems created with v3 of the tool to the new format.
According to Microsoft, "The newest version uses STRIDE categories (instead of STRIDE per element) to generate threats based on the interaction between elements, taking element type and the data flow styles which connect those elements into consideration."