There’s a lot happening around threat modeling which is why it’s been a while since I posted my last blog. Since the release of the tool, we’ve been busy:

• Delivering workshops and talks around threat modeling to build awareness.
• Working on the next build of our tool. Some of the key features in the next build will revolve around Visual Studio integration:
  • The ability to import Visual Studio Team System for Software Architects (VSTA) deployment reports.
  • Ability to export countermeasures and test cases (from Attack Library) to Visual Studio Team Foundation Server for tracking (WorkItem tracking).
  • Some work around VSTA Validators for automating the some security checks on logical models (SDM) and even physical deployme
• Working on creating training material around the process.
• Working on folks in the industry to provide a framework for evolving attack libraries through contributions.
• And much more top secret classified stuff… ;-)

The integration with VS is just the first step towards a much tighter integration with Visual Studio Team System in an effort to seamlessly integrate threat modeling (and in turn security!) into the entire development process.

Look out for updates. I’d love to hear from you… a lot of you have already been sending me feedback, feature requests or questions which you can send by filling out the ‘Email’ form on this blog.

-Talhah