SDL Threat Modeling Tool 3.1 went live on the Microsoft Download Center on November 6, 2008, “This tool allows for structured analysis, tracking and mitigation of potential security and privacy issues, based on a methodology that any software architect can lead effectively. The tool has been used extensively within Microsoft,” revealed Steve Lipner, senior director of security engineering strategy in Microsoft’s Trustworthy Computing Group back in September.

“Innovative features in the Microsoft SDL Threat Modeling Tool 3.0 include these: automation - guidance and feedback in drawing threat diagrams; STRIDE Framework - guided analysis of threats and mitigations; integration - bug-and issue-tracking systems; reporting capabilities - security activities and testing in the verification phase,” Microsoft explained.

Download