Version 3 of Microsoft's Threat Modeling Tool released
Microsoft has made version 3 (3.1.4) of its Threat Modeling Tool available to download free of charge. The tool is designed to allow developers to test their systems for potential threats. Individual system components and the data flow between them can be modelled or visualised.
The tool provides developers with a check-list to help identify potential threats to individual components, as well as the respective counter-measures required. It then summarises the risks in a report and offers a to-do list. All of this can be combined with an issue tracking system.
A Silverlight demo on the tool's home page provides a first impression of the range of features offered. The MSDN article "Uncover Security Design Flaws Using The STRIDE Approach" gets developers started with the concept of modelling system threats via flow charts, while a more recent article "Getting Started With The SDL Threat Modeling Tool" covers the actual use of the tool. Visio 2007 is a prerequisite for running the tool.
(djwm)