IriusRisk Team
|
The Threat Modeling Experts
June 29, 2023

Product Update: Release 4.17

Product Update: Release 4.17

We are excited to announce the release of IriusRisk 4.17 which includes these new enhancements and features:

  • Choose the best component while diagramming with new component description and risk pattern preview
  • Manage diagram components and dataflows faster with improved contextual menus
  • Keep focused on risk exceptions with a new countermeasure expiry filter

Choose the best component while diagramming with new component description and risk pattern preview

When creating your threat model diagram, it can sometimes be a challenge to choose the right components to use. Some components can look similar but actually bring in different risk patterns. This can cause confusion which results in spending additional time trying to find more details for each of the components, or having to rework the threat model later. Moreover, many users may not have permission to access the Components Definitions and Trust Zones and Assets objects, where they could find the information they need.

In this release, when you hover over each of the trust zones or components in the left sidebar, a new pop-up window will display the following information:

  • The name and description of the component or trust zone
  • For components, the risk patterns will be shown grouped by libraries.
  • For trust zones, the trust rating will be shown.

Component Preview:

image-20230619-072843

Trust Zone Preview:

image-20230619-072924

When hovering over general shapes, the message displayed to the user states that by adding these shapes, they will not generate any threats or countermeasures in the model.

Manage diagram components and dataflows faster with improved contextual menus

In order to provide additional context to the threat model, it is often necessary to answer a questionnaire or edit components and data flows. These actions are available by right-clicking on an element in the diagram. However, the user needs to scroll down to the bottom of the menu to execute these actions.

In this release, we have reorganized these options and simplified the menu. This helps you find options quicker and speed up your tasks while editing the diagram.

image-20230619-080759

Keep focused on risk exceptions with a new countermeasure expiry filter

In our aim to help users manage threats and countermeasures, we added a new filter that helps user show Countermeasures by their Test Expiry Date.

image-20230619-110943

Reduce the threat model output with automatic hiding of N/A countermeasures

Similar to what we already have in the Threats view, we added an option to Hide N/A Countermeasures, and which is turned on by default. By automatically hiding irrelevant countermeasures IriusRisk helps you to manage the threat model output more easily.

image-20230619-111057

Bearer authentication for Jira integration

When setting Jira as an Issue Tracker, at General Settings, Projects, Components, Threats, or Countermeasures, you can now configure IriusRisk to authenticate your connection with your Jira instance via a bearer authentication token.

image-20230619-160654

Security Content

This release includes the following new SAP components:

  • SAP BOBJ (BusinessObjects Business Intelligence Platform)
  • SAP BODS (Business Object Data Services)
  • SAP MRS (Multi resource Scheduling)
  • SAP HR (Human Resources)
  • SAP Enterprise Portal
  • SAP ALE (Application Link Enabling)
  • SAP Application Server
  • SAP Content Server
  • SAP Gateway
  • SAP SLT (Landscape Transformation Replication Server)

We have also continued to expand the output reducing Questionnaires for Functional Components:

  • API Endpoint
  • Audit Log
  • Exception Handler
  • File Chooser
  • File Handler
  • Formatter
  • JWT Token
  • Login
  • Private Signature Key
  • Reset Password
  • User Profile
  • User Registration
  • Web Form
  • XML processing

Finally, we have renamed the default libraries provided by IriusRisk to give them more descriptive names. For example, “CS-Default” is now “IR Software Architecture Components” and “CS-Default-Security-Policies” is now “IR Default Rules for Standards”.

Deprecations

Redmine Issue Tracker has been removed

In February 2023 (v4.12) we notified that the Redmine issue tracker was being removed. It has been removed in this release, v4.17.

ThreadFix Test Import Notice

From September 2023 the import test result functionality for ThreadFix will be removed
.

Release notes

For more information, see the Version 4.17 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon

IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.