IriusRisk Community Edition is a free version of IriusRisk that allows you to quickly create threat models of software and cloud architectures and then manage those threats and countermeasures throughout the rest of the SDLC, including:
- Assigning a risk response: Accept, Mitigate or Expose
- Apply a security standard, such as OWASP ASVS to derive the security requirements in one step
- All threat models created in IriusRisk can be published as Templates that are visible to other users of the platform.
- Register for a user account
- Follow @IriusRisk for updates
- Submit bugs and feature requests to github
- One of the goals of the Community edition is to start sharing a common set of threat models for typical (or not) architectures. If you've modeled a system that you believe would benefit the wider Community please publish it as a Template! This will make it visible to other users of Community who will be able to import it into their own models. The submitted templates will go through a review process and if accepted, be published here on the github site in raw XML format so that non-community users can also take advantage of it.
- NOTE: When you publish a model, it will be removed from the Product table, you'll need to create a new product and import your template into it, to work on it again.
- Manage more than 1 application. The solution has been tested with 4000+ applications.
- Customise the rules engine, component library and threat and countermeasure knowledge-bases.
- Create custom questionnaires and data flow rules
- See our website for more details