Latest: Digital For Tech News Click Here


Monday 21 April 2014

Microsoft’s free Threat Modeling tool updated

0 comments
place Google AdSense code here


According to Tim Rains, director of Microsoft Trustworthy Computing Microsoft’s threat modeling tool updated with new features designed to offer organizations more flexibility and help them implement a secure development lifecycle.

"More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating," blogged Tim Rains. "Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management."

The latest version of the tool includes the following new features:
•    New Drawing Surface this new release has its own drawing surface and Visio is no longer needed.
•    STRIDE per Interaction Big improvement for this release is change in approach of how we generate threats. Microsoft Threat Modeling Tool 2014 uses STRIDE per interaction for threat generation, were past versions of the tool used STRIDE per element.
•    Migration for v3 Models Updating your older threat models is easier than ever. You can migrate threat models built with Threat Modeling Tool v3.1.8 to the format in Microsoft Threat Modeling Tool 2014
•    Update Threat Definitions We over further flexibility to our users to customize the tool according to their specific domain. Users can now extend the included threat definitions with ones of their own.

Further he wrote "Microsoft Threat Modeling Tool 2014 comes with a base set of threat definitions using STRIDE categories," blogged Emil Karafezov, program manager on the Secure Development Tools and Policies team at Microsoft. "This set includes only suggested threat definitions and mitigations which are automatically generated to show potential security vulnerabilities for your data flow diagram. You should analyze your threat model with your team to ensure you have addressed all potential security pitfalls."

"We hope these new enhancements in Microsoft Threat Modeling Tool 2014 will provide greater flexibility and help enable you to effectively implement the SDL process in your organization," he added.

0 comments: Post Yours! Read Comment Policy ▼
PLEASE NOTE:
We have Zero Tolerance to Spam. Chessy Comments and Comments with Links will be deleted immediately upon our review.

Post a Comment

 
Copyright © 2013 MyBloggerBlog Template All Right Reserved
Designed by MyBloggerBlog | Powered by Blogger