Software superheroes in short supply.
It’s been reported during 2023 that the developer skills shortage continues to be a challenge - for two consecutive years1. The Reveal Survey Report stated ‘nearly half of a developer’s time (43.4%) is spent on coding an app’ 2. The importance of threat modeling is needed now more than ever to support time-stretched development teams, and pressured security specialists. The NIST Guidelines on Minimum Standards for Developer Verification of Software, mentions threat modeling as its very first recommendation to look for design-level security issues3.
With so many places referencing secure design and threat modeling, how do you make it a reality? We’re glad you asked.
Go guard or go home.
We want to lighten the developer load. It’s hard to be a guardian of your security galaxy when you still have hot fixes, project meetings, weekly sprints and all of those tickets stacking up in Jira.
That’s why creating free commonly-used templates are an important addition to our existing product roadmap, and our dedication to being an open and accessible product. From our Open Threat Model (OTM) Standard, to the evolving integration capability. Expectations on development teams have rocketed. From the level of day-to-day work, to the requirement of faster sprints yielding better results.
At IriusRisk, we believe that all security and development teams should have access to high quality threat modeling processes. Securing software is crucial for all of us, it is present in our daily lives as both consumers, and for the organizations we work for. This is why we have two aims with our product: be able to maximize your other technology investments within our tool, and continue to provide a stellar freemium threat modeling product.
Github’s got your free templates.
Not everyone is a threat modeling expert. Not all developers have tried diagramming tools, or enjoy using them. To make adoption of our product easier, we have developed (so far) 17 pre-made templates. These are available to download from GitHub. We also encourage anyone with their own templates or libraries to share for others to utilize. We are passionate about making threat modeling as accessible as possible. This is why, even if you currently only have the free forever version (Community Edition), you can still import the XML files, from these templates, to generate your threat model diagram. See, load made slightly lighter.
Want to contribute?
Add your own templates onto the repo for others to try and share as well. Let’s all join the movement for a secure future, and equip others with new knowledge. It is always a win to save developer time and energy. Add your templates here GitHub.