We welcome any initiative that brings DevSecOps practices to the forefront, so it is great to see … [Read More...] about NIST Considering DevSecOps Framework for Agencies
Leveraging best-in-class architectural diagramming with Draw.io, generate an initial threat model in minutes complete with recommended and required countermeasures based on your security policies with specific actionable advice
Threats models and security risk are dynamic and change over time. IriusRisk uses two-way synchronisation with issue trackers and testing tools to give you a clear real-time view of the status of security activities
IriusRisk boasts a multi-user web interface with integrated access control and workflows which ensure that security, engineering, and development teams can effectively do remote collaboration
1 %
of software vulnerabilities are flaws in the design
1 x
MORE EXPENSIVE TO FIX IN PRODUCTION THAN DURING THE DESIGN PHASE
GLOBAL APPSEC 2019
IriusRisk September 11-13 Washington Marriott Wardman Park Hotel Booth #R8 Global AppSec - DC is … [Read More...] about GLOBAL APPSEC 2019
Recorded Webinar Secure Design With IriusRisk & Draw.io
Recorded webinar Secure design With IriusRisk & Draw.io Download … [Read More...] about Recorded Webinar Secure Design With IriusRisk & Draw.io
Feature
Community
Enterprise
Maximum number of threat models
1
Unlimited
API
-
Yes
Import & Export
Export Threats & Countermeasures as XLS
Import & Export models as XML
Import & export product meta-data from/to XLS
Export threats as XLSX
Import threats from Microsoft Threat Modeler
Templates
Community templates
Unlimited
Two-way sync with ALM
No
Jira, Redmine, Microsoft Team Foundation Server, Azure DevOps, CA Rally
Reports
Technical and compliance reports. OWASP ASVS.
All technical and compliance reports including:
- NIST 800-53
- ISO/IEC 27002:2013
- PCI-DSS
- OWASP ASVS
- OWASP MASVS
- EU GDPR
- IoT Security Foundations
- CIS Docker
- CIS AWS
Diagramming
Yes
Yes
Diagram component list
Limited
Extensive
Workflow management
No
Full workflow management
RBAC with fine grained permissions
Not editable
Full access
Custom Fields
No
Full custom field definition
IriusRisk has a strategic partner program that enables businesses worldwide to benefit from our Threat Modeling platform and increase our overall capabilities with additional support for our customers. We value our partners as an extension of our team, and they play an integral role in helping organizations around the globe secure their assets from design into production.
