Scroll to discover
See a Demo
Skip to content

IriusRisk Community

Get your free lifetime subscription to IriusRisk Community Edition - zero commitment access to Threat Modeling tools and libraries.



What is Community?

If you’re new to Threat Modeling or not quite ready for our Enterprise SaaS version, why not get hands-on experience on how you can quickly and easily architect an application using our integration and understand potential security threats and countermeasures in one simple, easy-to-use interface.


If you’re already familiar with Threat Modeling and work in Architecture, DevOps or Security teams, you can try the Community Edition and learn quickly how it can help you to scale Threat Modeling within your organization through the powerful insights and collaboration capabilities.


An overview of our Community and Enterprise Editions plans:

SaaS | Free Lifetime Subscription

Perfect for getting hands-on with threat modeling for the first time, or to combine your efforts with tooling.


IriusRisk Community includes:


 - 1 threat model
 - Export Threats & Countermeasures as XLS

 - Export threat models as XML

 - Architectural diagramming with

 - Limited technical and compliance reports

 - Receive free community updates


Available as SaaS or On-Premise | Contact us for pricing

Benefit from all of the powerful capabilities IriusRisk has to offer to automate and scale across your organisation


All community capabilities, plus:

 - Available with up to unlimited threat models - 

 - Available for unlimited users

 - Data imports, custom field definition or workflow management

 - Syncs with popular issue trackers

 - Dedicated Customer Success Manager

 - Hands-on, assisted onboarding process

 - API access

 - Enhanced import and export of models, threats, test results and metadata

 - Full custom field definition and workflow management

 - All technical and compliance reports                                        Discover more

A Simple Guide to Building A Threat Model within IriusRisk Community Edition.  

Organizations want threat modeling to be easy to use for everyone, and to be so well embedded in the development cycle that there’s no need to even think about it.  One typical way of building an embedded threat model is based on the basic  principles of Adam Shostack’s four-question scheme. This model allows the user to  detect security deficiencies during the design phase of the application.


         1. What are we building?  Building the diagram

        2. What can go wrong?  Pinpoint the threats

        3. What are we going to do about it? Mitigating the threats

        4. Did we do a good job?  Validating the design and reporting the process


With our Community Edition you can pretty much do everything to understand the basic process above and see how it can help you to scale threat modeling throughout your organization.




Threat modeling: What, Why and How


The fundamental basis of threat modeling is identifying, communicating and managing security weaknesses.

The key principle underpinning threat modeling is “secure design” which means in practice addressing design flaws. Ideally threat modeling activities will take place from the inception of the project at the design phase and continue throughout the development lifecycle.

Download eBook
Cover exports


Threat modeling: Start where you are now


The guide will give you all you need to know about introducing threat modeling within your organizations - so grab a coffee as we take you through the process and its considerations.


Download eBook
Cover exports3


Modeling Threats in an imperfect world


The way an attacker can exploit a vulnerability hasn’t changed significantly over the past decade, so now we are forced to ask ourselves an uncomfortable question: What are we doing wrong?


Download eBook
Cover exports2
"As the SDLC has become more agile we are increasingly seeing companies think about security not just as an add-on at the end but as part of the function by embracing threat modeling. However, architects, developers and security teams still have a knowledge gap around threat modeling that needs to be addressed, which is partly due to the tools in the market being so expensive that it makes threat modeling “exclusive” to those who can afford it. IriusRisk's Community Edition addresses this challenge by providing a free and valuable resource for all, effectively democratizing threat modeling so that anyone working in the SDLC - not just a few specialists  - can understand the implications of secure design work in accelerating the development and time to deployment."

Daniel Cuthbert Head of CyberSecurity Research, Banco Santander