Welcome to our Blog
From software security to threat modeling to compliance & risk management frameworks (and everything in between). We've got it covered.
Featured Posts
Threat modeling for IIoT Devices and Gateways
The ISASecure ICSA certification, supported by the ICSA-500 document, provides a robust framework for ensuring that IIoT components meet high-security standards. IriusRisk now includes both IEC 62443 4-2 and ICSA-500 to support the ICSA certification and standard threat modeling process of IIoT devices and gateways.
Latest Posts
March 23, 2022
Open Threat Model Standard under a Creative Commons License
The Open Threat Model Standard will allow greater connectivity and interoperability between threat modeling and other parts of the Software Development Lifecycle (SDLC)
Infrastructure as Code
February 22, 2022
How to create an OTM parser
In this article we are going to create a simple Python script that parses a threat model represented as a Graphviz DOT file, and generates a threat model defined in the Open Threat Model standard.
Infrastructure as Code
February 22, 2022
Threat Modeling Software Features vs Architecture
This blog discusses two approaches to threat modeling: architectural-driven threat modeling and feature-driven threat modeling. It highlights the importance of considering security in the design stage and introduces a new library of functional components to enhance the threat modeling process, allowing developers to focus on specific user story-related threats.
Methodologies & Frameworks
Cloud Security
February 22, 2022
Introduction to the Open Threat Model standard
The Open Threat Model (OTM) standard is a versatile way to describe threat models, fostering connectivity and interoperability within the Software Development Lifecycle and cybersecurity ecosystem. It enables automation, enhances scalability, and aligns with existing design artifacts, improving threat modeling's maturity and application in various contexts.
Infrastructure as Code
Intro to Threat Modeling
February 9, 2022
Doubling Down on Threat Modeling
In 2021, threat modeling gained significant recognition and adoption, with industry accolades and government recommendations driving its importance. IriusRisk experienced substantial growth in its threat modeling platform, expanding its customer base and team, aiming to simplify and enhance threat modeling practices for secure software development in the future.
Software security
Threat Modeling
February 7, 2022
IriusRisk doubles the team and annual recurring revenue in 2021
Secure design leader doubles down on mission as threat modeling adoption grows
News
February 3, 2022
Threat Modeling: A New Strategy That Can Scale
Panel Weighs in on Overcoming Cultural Barriers to Achieve Business Benefits
Software security
Intro to Threat Modeling
Analysis
January 28, 2022
IEC/ANSI 62443 Example 3 Medical devices OT IoT Cloud Infrastructure
This comprehensive analysis delves into the architecture of a hospital gas supply control system and remote patient monitoring within the IEC/ANSI 62443 standards framework. It identifies threats, countermeasures, and weaknesses, with specific controls allocated to each component, ensuring security from cloud deployment to IoT devices.
Standards, Compliance and Regulations
Software security
December 29, 2021
Product Update: IriusRisk Version 4.0.5
We are excited to announce the release of IriusRisk 4.0.5 which includes these new enhancements and features:
Product Release