SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
App development
#
APM
IriusRisk launches OTM Standard to transform threat modelling
Fri, 25th Mar 2022
FYI, this story is more than a year old
Author image
By Catherine Knowles, Journalist
Follow us

Automated threat modelling company IriusRisk has launched its Open Threat Model (OTM) Standard under a Creative Commons licence.

The OTM Standard, released as part of version 4.1 of the IriusRisk product, is an agnostic way of describing a threat model in a simple to use and understand format.

An accompanying API allows users to provide an OTM file and IriusRisk will automatically build a full threat model using the rules engine, which contains a broad library of components and risk patterns, the company states.

The OTM standard has been designed for the software architects, DevOps and DevSecOps personnel that are working towards secure design and want to contribute to the widespread adoption of threat modelling as an industry standard, the company states.

The objective of the new standard is to simplify the generation of threat models, making it a commoditised and adoptable practice.

In addition, the OTM Standard can leverage a wide range of source formats, including Amazon Web Services Cloudformation, and supports new sources of application and system design.

Users can write and share parsers for artefacts such as CloudFormation, Visio, or Docker Compose files. The standard will also allow users to exchange threat model data within the SDLC and cyber security ecosystem because threat models are represented in a common format, meaning users will be able to use this data through integrations.

Finally, OTM facilitates exchanges between organisations. As it has been launched under Creative Commons, the standard can be used in open source projects or even by commercial vendors to share threat models of their systems, in order for those in turn to be used by organisations adopting those systems, the company states.

Stephen De Vries, CEO and founder of IriusRisk, commented, “With the launch of our Open Threat Model Standard we are building a tool that will transform the threat modelling process.

"With the wider security and developer community contributing to the Standard, we are excited to see the combined impact we can have on secure design by making threat modelling an increasingly simple and widely adopted practice.

Fraser Scott, VP of Product at IriusRisk says, “The Open Threat Model standard represents a key step towards commoditised threat modelling, enabling further innovation and faster integration of threat modelling across the SDLC and cyber ecosystem.

"Open Threat Modelling effectively unlocks a new category of security activity, whereby we can conduct automated architectural security analysis across a huge range of developer disciplines. It is a huge step towards achieving true secure software design.

The OTM API is now available in IriusRisks V4.1 product release, offering a way to describe threat models which can be used throughout the SDLC and cybersecurity ecosystem.

IriusRisk is a threat modelling and secure design solution utilised in Application Security. Enterprise clients including banks, payments and technology providers, can use the solution to build security into applications.

Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Keeper Security launches user-friendly passphrase generator
Spirent partners with online payments platform to boost cyber defenses
How attackers target security blind spots: Three real-life lessons from the SOC
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models