Scroll to discover
Watch a Demo
Skip to content

IriusRisk Community

Get your free lifetime subscription to IriusRisk Community Edition - zero commitment access to Threat Modeling tools and libraries.



What is Community?

If you’re new to Threat Modeling or not quite ready for our Enterprise SaaS version, why not get hands-on experience on how you can quickly and easily architect an application using our integration and understand potential security threats and countermeasures in one simple, easy-to-use interface.


If you’re already familiar with Threat Modeling and work in Architecture, DevOps or Security teams, you can try the Community Edition and learn quickly how it can help you to scale Threat Modeling within your organization through the powerful insights and collaboration capabilities.


An overview of our Community and Enterprise Edition plans:

IriusRisk Community
SaaS | Free Lifetime Subscription

Perfect for getting hands-on with threat modeling for the first time, or to combine your efforts with tooling.


IriusRisk Community includes:


 - 1 threat model
 - Export Threats & Countermeasures as XLS

 - Export threat models as XML

 - Architectural diagramming with

 - Limited technical and compliance reports

 - Receive free community updates

- Join regular Ask Me Anything Sessions


IriusRisk Enterprise
Available as SaaS or On-Premise | Contact us for pricing

Benefit from all of the powerful capabilities IriusRisk has to offer to automate and scale across your organization


All Community capabilities, plus:


 - Available with up to unlimited threat models  

 - Available for unlimited users

 - Data imports, custom field definition or workflow management

 - Syncs with popular issue trackers such as Jira

 - Dedicated Customer Success Manager

 - Hands-on, assisted onboarding process

 - API access

- Import your Infrastructure as Code (IaC) descriptors from tools such as Microsoft Threat Modeling Tool and CloudFormation

 - Enhanced import and export of models, threats, test results and metadata

 - Access to all technical and compliance reports   

                                  Discover more

A Simple Guide to Building A Threat Model within IriusRisk Community Edition.  

Organizations want threat modeling to be easy to use for everyone, and to be so well embedded in the development cycle that there’s no need to even think about it.  One typical way of building an embedded threat model is based on the basic  principles of Adam Shostack’s four-question framework. This model allows the user to  detect security deficiencies during the design phase of the application.


         1. What are we building?  Building the diagram

        2. What can go wrong?  Pinpoint the threats

        3. What are we going to do about it? Mitigating the threats

        4. Did we do a good job?  Validating the design and reporting the process


With our Community Edition you can do everything needed to understand the basic process above and see how it can help you to scale threat modeling throughout your organization.




IriusRisk Product Datasheet


Take a look at this useful 4-page overview, if you would like to know all capabilities of the platform. A few of our Security Content Libraries are only available in Enterprise, but most of our functionality is still available in Community Edition!


 Download datasheet
Secure Software by Design datasheet


Threat modeling: Start where you are now


The guide will give you all you need to know about introducing threat modeling within your organizations - so grab a coffee as we take you through the process and its considerations.


Download eBook
Cover Start where you are now (Website)


Modeling Threats in an imperfect world


The way an attacker can exploit a vulnerability hasn’t changed significantly over the past decade, so now we are forced to ask ourselves an uncomfortable question: What are we doing wrong?


Download eBook
Cover Modeling Threats in an imperfect world (Website)
"As the SDLC has become more agile we are increasingly seeing companies think about security not just as an add-on at the end but as part of the function by embracing threat modeling. However, architects, developers and security teams still have a knowledge gap around threat modeling that needs to be addressed, which is partly due to the tools in the market being so expensive that it makes threat modeling “exclusive” to those who can afford it. IriusRisk's Community Edition addresses this challenge by providing a free and valuable resource for all, effectively democratizing threat modeling so that anyone working in the SDLC - not just a few specialists  - can understand the implications of secure design work in accelerating the development and time to deployment."

Daniel Cuthbert Head of CyberSecurity Research, Banco Santander