Like everything else in technology, threat modeling continues to evolve. What started out as engineers doing ad hoc threat modeling, evolved into data flow diagrams built by security experts. And that worked for a while, but it has its limitations. It’s time intensive to manually identify threats and mitigations, and it offers no integration into the software development lifecycle. But worst of all, it’s unscalable.
For threat modeling to be scalable, it can’t be held hostage by security experts. The future of threat modeling is a self-service model where developers do their own threat modeling. But, develops are generally not security experts. So, what’s the answer?
ThreatModeler was created to address the shortcomings of data flow diagrams, bring threat modeling capabilities in-house and make it scalable. The vision for ThreatModeler is to be able to model ALL the threats, automatically, with no security expertise required. And we think we’ve done that.