Looks like we’ve released a Threat Modeling Tool. From the site: “The tool allows users to create threat model documents for applications. It organizes relevant data points, such as entry points, assets, trust levels, data flow diagrams, threats, threat trees, and vulnerabilities into an easy-to-use tree-based view. The tool saves the document as XML, and will export to HTML and MHT using the included XSLTs, or a custom transform supplied by the user.”

I’m looking forward to reading the upcoming Threat Modeling book by Frank Swiderski and Window Synder. Threat Modeling is a practice that we’ve implemented inside of Microsoft, and I’m very glad to see that we’re sharing this kind of information with the development community.