Get your free lifetime subscription to IriusRisk Community Edition - zero commitment access to Threat Modeling tools and libraries.
What is Community?
If you’re new to Threat Modeling or not quite ready for our Enterprise SaaS version, why not get hands-on experience on how you can quickly and easily architect an application using our Draw.io integration and understand potential security threats and countermeasures in one simple, easy-to-use interface.
If you’re already familiar with Threat Modeling and work in Architecture, DevOps or Security teams, you can try the Community Edition and learn quickly how it can help you to scale Threat Modeling within your organization through the powerful insights and collaboration capabilities.
An overview of our Community and Enterprise Edition plans:
SaaS | Free Lifetime Subscription
Perfect for getting hands-on with threat modeling for the first time, or to combine your efforts with tooling.
IriusRisk Community includes:
- 1 threat model
- Export Threats & Countermeasures as XLS
- Export threat models as XML
- Architectural diagramming with draw.io
- Limited technical and compliance reports
- Receive free community updates
- Join regular Ask Me Anything Sessions
Available as SaaS or On-Premise | Contact us for pricing
Benefit from all of the powerful capabilities IriusRisk has to offer to automate and scale across your organization
All Community capabilities, plus:
- Available with up to unlimited threat models
- Available for unlimited users
- Data imports, custom field definition or workflow management
- Syncs with popular issue trackers such as Jira
- Dedicated Customer Success Manager
- Hands-on, assisted onboarding process
- API access
- Import your Infrastructure as Code (IaC) descriptors from tools such as Microsoft Threat Modeling Tool and CloudFormation
- Enhanced import and export of models, threats, test results and metadata
- Access to all technical and compliance reports
A Simple Guide to Building A Threat Model within IriusRisk Community Edition.
Organizations want threat modeling to be easy to use for everyone, and to be so well embedded in the development cycle that there’s no need to even think about it. One typical way of building an embedded threat model is based on the basic principles of Adam Shostack’s four-question framework. This model allows the user to detect security deficiencies during the design phase of the application.
1. What are we building? Building the diagram
2. What can go wrong? Pinpoint the threats
3. What are we going to do about it? Mitigating the threats
4. Did we do a good job? Validating the design and reporting the process
With our Community Edition you can do everything needed to understand the basic process above and see how it can help you to scale threat modeling throughout your organization.
"As the SDLC has become more agile we are increasingly seeing companies think about security not just as an add-on at the end but as part of the function by embracing threat modeling. However, architects, developers and security teams still have a knowledge gap around threat modeling that needs to be addressed, which is partly due to the tools in the market being so expensive that it makes threat modeling “exclusive” to those who can afford it. IriusRisk's Community Edition addresses this challenge by providing a free and valuable resource for all, effectively democratizing threat modeling so that anyone working in the SDLC - not just a few specialists - can understand the implications of secure design work in accelerating the development and time to deployment."
Daniel Cuthbert Head of CyberSecurity Research, Banco Santander