If you’re a government or military contractor, they’re probably great and wonderful. Threat modeling tools from other than Microsoft are pretty pricey. So what’s wrong with the current crop of TM tools? These have had their uses – and certainly it’s noticeable that when I work with a team of developers, one of whom has worked at Microsoft, it’s encouraging to ask “show me your threat model” and have them turn around with something useful to dissect. Then there’s the previous versions of the SDL Threat Modeling Tool. There’s the TAM Threat Analysis & Modeling Tool, which is looking quite creaky with age now, and which I never found to be particularly usable (though some people have had success with it, so I’m not completely dismissive of it). Amid almost no fanfare whatsoever, Microsoft yesterday released a tool I’ve been begging them for over the last five or six years.Īs you’ve guessed from the title, this tool is the “ SDL Threat Modeling Tool 2014”.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |