IriusRisk Community: Free Threat Modeling

Get your free lifetime subscription to IriusRisk Community Edition - zero commitment access to Threat Modeling tools, libraries, and our AI assistant.

Now including THREE free threat models (easy for you to say).
Get Started for Free

The future of Threat Modeling is here. And it's called Jeff.

Whether you are doing some threat modeling already, or are a complete novice, Jeff is your helpful passenger while you stay in the driver's seat. Utilize your User Stories, Documentation, meeting transcripts or code to generate your threat model diagram.

It is even complete with threats and security controls (we call them countermeasures). See Jeff in action by watching the video, or sign up to our Community Edition for free, and start using Jeff today. 

Try Jeff now

Community Version Benefits

It’s not just our AI Assistant you get access to in Community. Quickly and easily architect an application using our Draw.io integration and understand potential security threats and countermeasures in one simple, easy-to-use interface. You can also send a link to your Project to a friend or peer, to invite them to collaborate with you. The best part? There are no strings attached. It is truly free-forever. 
Free lifetime subscription
3 threat models
Export Threats & Countermeasures as XLS
Export threat models as XML
Architectural diagramming with draw.io
Limited technical and compliance reports
Receive free community updates
Collaborate with others in your Project
Get started

The Four Question Framework for Threat Modeling 

We like to start with Adam Shostack's four-question framework; begin there, and you can't go wrong. This basic model allows any user to detect security deficiencies during the design phase of the process and IriusRisk is created in a way that allows its users to apply the framework as they work through the creation and iteration of a threat model.

1. What are we working on?
Building the diagram
2. What can go wrong?
Pinpoint the threats
3. What are we going to do about it?
Mitigating the threats
4. Did we do a good job?
Validating the design and reporting the process
Get started

As the SDLC has become more agile we are increasingly seeing companies think about security not just as an add-on at the end but as part of the function by embracing threat modeling. However, architects, developers and security teams still have a knowledge gap around threat modeling that needs to be addressed, which is partly due to the tools in the market being so expensive that it makes threat modeling “exclusive” to those who can afford it.

‍IriusRisk's Community Edition addresses this challenge by providing a free and valuable resource for all, effectively democratizing threat modeling so that anyone working in the SDLC - not just a few specialists  - can understand the implications of secure design work in accelerating the development and time to deployment.

Daniel Cuthbert , Head of CyberSecurity Research, Banco Santander