IriusRisk launches Open Threat Model standard to secure software development lifecycle
CSO Online – Michael Hill
IriusRisk has launched a new Open Threat Model (OTM) standard to allow greater connectivity and interoperability between threat modeling and other parts of the software development lifecycle (SDLC). The OTM standard has been published under a Creative Commons license and provides a tool-agnostic way of describing a threat model in a simple to use and understand format, IriusRisk said.
The standard can leverage a wide range of source formats and supports new sources of application and system design, whilst also allowing users to exchange threat model data within the SDLC and cybersecurity ecosystem. An accompanying API allows users to provide an OTM file which IriusRisk uses to build a full threat model using the rules engine, which contains an extensive library of components and risk patterns.
The OTM standard is part of the 4.1 release of the IriusRisk product and is designed for software architects, DevOps and DevSecOps personnel who are working towards secure design and want to contribute to the adoption of threat modeling as an industry standard, IriusRisk explained in a posting on its website. It presents threat models in a common format, allowing users to utilize the data through integrations, and works with different source formats including Amazon Web Services CloudFormation.
Users can also write and share parsers for artefacts such as CloudFormation, Visio or Docker Compose files. "In addition, OTM facilitates exchanges between organizations," IriusRisk added. "As it has been launched under Creative Commons, the standard can be used in open-source projects or even by commercial vendors to share threat models of their systems, in order for those in turn to be used by organizations adopting those systems."
Link: https://www.csoonline.com/article/3654278/iriusrisk-launches-open-threat-model-standard-to-secure-software-development-lifecycle.html