Launching IriusRisk ‘Community Edition’

 | Continuum Blog

The scalable Threat Modeling and Risk Management solution for product development is now free to use. Developers, architects and technical teams, this is a call for you to contribute to building the first collaborative set of threat model templates licensed under Creative Commons and available to everyone.

IriusRisk uses architectural risk patterns and templates to quickly derive a threat model based on the answers to a questionnaire. The model includes Threats, Weaknesses and recommended Countermeasures to fully or partly mitigate the stated risk. What’s more, once the required countermeasures have been defined, these can automatically be uploaded straight to Jira, so that the development and implementation team work from security requirements in their backlog.

You get to threat model and manage the security risk of up to 3 products. Drawn from our own threat model library as well as CAPEC, CWE and a bespoke AWS threat model library created by Hydras, specialists in AWS consulting.

Your threat models are private until you choose to publish them as “Templates”. Once published, they’ll be available to other users who can use them as building blocks for their own models.

It’s open. It’s free. It’s collaborative. Get started on the GitHub page.

About IriusRisk
IriusRisk is a Security Risk Management Platform for the SDLC, learn more on our website.

Did you like this article?

YOU MAY ALSO LIKE
  • Scaling Threat Modeling with tools
    Scaling Threat Modeling with toolsAdam Shostack wrote an interesting blog post on the role of diagrams in threat modeling where he contrasts the benefits and trade-offs of using tooling vs. diagrams to build a threat model. One of the points is that the cost of getting a cross functional team together for a threat modeling activity can be high. […]READ MORE
  • BDD-Security v2.0 Released
    BDD-Security v2.0 ReleasedNow with power. This version has a number of improvements, including: Simpler test execution with less background magic. Just standard Gradle tasks and Cucumber-JVM Simpler integration with Jenkins, minimal functionality does not require any additional plugins. Better looking reports Documentation is hosted on the GitHub Wiki.READ MORE
  • Buscamos un programador de Java
    Buscamos un programador de JavaBuscamos un desarrollador con experiencia laboral en Java para unirse a nuestro equipo. Tenemos un producto innovador en el ámbito de SecDevOps, es decir implementar automatización de los aspectos de seguridad en procesos de entrega continua: IriusRisk. Aportamos también herramientas de código abierto como BDD-Security Las tecnologías con las que se trabajará son: Grails para […]READ MORE