How Axway integrated automated threat modeling into their SSDLC, Continuous Security Review and CICD processes

Axway leveraged IriusRisk to democratize and standardize the framework for threat modeling, to ensure that each engineering team has proper training and tools to conduct their own threat model, on their schedule, and consult with product security group as needed to address risks.

As their development organization and security procedures have evolved, so has the IriusRisk tool. Axway SSG has been pushing the envelope in scaling a world-class DevSecOps program and the IriusRisk Product Management and Customer Success teams have been great partners in their journey.

The outcomes...

Over 100 threat models and growing
Live access & global collaboration for 500+ staff
Seamless integration with DevOpSec workflows, projects & issue tracking

Although Threat Modeling isn’t a new process to Axway, bringing together international teams of people to carry out manual threat modeling was never an easy task. With IriusRisk, we’ve been able to carry on our threat modeling practices across our existing products with much greater ease - to the point where it is now a systematic process which alleviates any SPOC bottlenecks that we used to have.

Sandy Blackwell

Director of Software Security, Axway