Microsoft Threat Analysis & Modeling v2.0 RC1 is out. Tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

I have been using for the last couple of days, I am impressed with its capabilities and on-the-fly modelling support. There are few bugs tough but I hope they will be fixed in its final release. I am also looking forward to a framework to customize it such as adding more technologies and server software etc. Please see attachments for more screenshoots:

Threat Trees

Data Access Control Matrix

A must have for every architect!!!