This isn't new, but Microsoft released it's Threat Modeling Tool v3.1 as a public beta a couple of weeks ago. I've been using this tool internally at Microsoft for a bit longer than that, and it is impressive.
Instead of being a comprehensive tool for experts only, this tool makes threat modeling approachable to the average developer with little security background. At its core is a hosted Visio data flow diagramming tool. The tool produces workable diagrams which are then automatically analyzed to suggest common threats.
Adam Schostack presented a demo of the software at the Bluehat Conference in October as part of a point/counterpoint session (Adam begins about halfway through). Don't blame me for being too far behind, though -- the video was just posted to technet before Thanksgiving.
Hi Don,
the link to "Threat Modeling Tool v3.1" is pointing to OWA and not redirecting to download.microsoft.com. Is that expected? My browser is IE7.
BTW thanks for reading my blog - I've responded to your comment there.
Cheers
Mike
Posted by: Mike Adewole | 12/03/2008 at 10:27 PM
Thanks for the link catch -- I cut & pasted from OWA and it apparently did something smart that I wasn't expecting. I've corrected the link now.
Posted by: Don Ankney | 12/10/2008 at 10:18 AM