| Feature | Community | Enterprise |
|---|---|---|
| Maximum number of threat models | 1 | Unlimited |
| API | - | Yes |
| Import & Export | Export Threats & Countermeasures as XLSE | Import & Export models as XML; Import & export product meta-data from/to XLS; Export threats as XLSX; Import threats from Microsoft Threat Modeler |
| Templates | Community templates | Unlimited |
| Two-way sync with ALM | No | Jira, Redmine, Microsoft Team Foundation Server, Azure DevOps, CA Rally |
| Reports | Technical and compliance reports. OWASP ASVS. | All technical and compliance reports including: NIST 800-53, ISO/IEC 27002:2013, PCI-DSS, OWASP ASVS, OWASP MASVS, EU GDPR, IoT Security Foundations, CIS Docker, CIS AWS |
| Diagramming | Yes | Yes |
| Diagram component list | Limited | Extensive |
| Workflow management | No | Full workflow management |
| RBAC with fine grained permissions | Not editable | Full access |
| Custom Fields | No | Full custom field definition |
| Import test results | No | REST API, Fortify SSC, Fortify SCA |

What our clients say



  • We struggled to find a tool that would help us with threat modeling and thought of developing our own, but Continuum Security’s threat modeling and risk management platform proved to be highly customizable and flexible and Continuum Security adapted to our particular specific needs very quickly with their development team. Very pleased to partner with Continuum Security.
    David
    Cybersecurity & Risk Services (CRS) Director
  • We had need to track our risk and compliance with standards across the SDLC. IriusRisk not only shows us where we are at in terms of risk and compliance in real-time during the development process, but also gives our developers the knowledge they need to successfully implement the requirements. Huge thumbs up!
    Robert
    Compliance & privacy Lead
  • IriusRisk reduces time-to-market, improves customers’ trust in their digital services, and guides compliance with security regulations and standards.
    Adam Shostack
  • IriusRisk covers an existing and increasing gap in SecDevOps where no other commercial solutions exist: start from a high level description of a system to model and manage its risks, propose controls and automate their continuous testing allowing continuous security assessment integrated into your CI/CD pipeline. That’s what high risk and highly regulated companies as banks need to adopt CI/CD at scale.
    Director of Innovation at Global Bank
  • As an application security consulting business, we manage the secure development of many 100’s of our customers’ applications and wanted to integrate threat modeling into the CI/CD pipeline. IriusRisk facilitated this process and it definitely was the perfect choice.
    Application Security Consultancy
  • IriusRisk gives us the ability to feed in test results from our security tools which automatically adjusts the current build risk status and from this we can allow the development pipeline to continue on to production or stop the pipeline for further testing and mitigation activities. This functionality as well as other automation capabilities through the API made IriusRisk the indispensable tool.
    Head of Application Security
  • Our industry is heavily regulated, and the nature of our applications is highly sensitive and as such we had copious internal documentation relating to security policies, standards and procedures that were scattered throughout the organization’s teams. We leveraged IriusRisk to collate all of this information into one place by creating risk libraries appropriate to us which enabled us to streamline and standardize our processes and terminology.
    Sarah B
    Security Intelligence & Assurance Manager


BDD-Security

Try our security testing framework that uses natural language syntax to describe security requirements as features that can run as part of the build/test/deploy process.



IriusRisk has a strategic partner program that enables businesses worldwide to benefit from our Threat Modeling platform and increases our overall capabilities with additional support for our customers. We value our partners as an extension of our team, and they play an integral role in helping organizations around the globe secure their assets from design into production.