IriusRisk launches Open Threat Model

Automated threat modelling company IriusRisk has launched its Open Threat Model (OTM) Standard under a Creative Commons license. The OTM Standard, released as part of version 4.1 of the IriusRisk product, is a tool agnostic way of describing a threat model in a simple to use and understand format. An accompanying API allows you to provide an OTM file and IriusRisk will automatically build a full threat model using the rules engine, which contains an extensive library of components and risk patterns.

The OTM standard has been designed for the software architects, DevOps and DevSecOps personnel that are working towards secure design and want to contribute to the widespread adoption of Threat Modeling as an industry standard. The objective of the OTM Standard is to simplify the generation of threat models, making it a commoditised and easily adoptable practice.

The OTM Standard can leverage a wide range of source formats, including Amazon Web Services Cloudformation and easily supports new sources of application and system design. Users can write and share parsers for artefacts such as CloudFormation, Visio, or Docker Compose files. The Standard will also allow users to exchange threat model data within the SDLC and cyber security ecosystem because threat models are represented in a common format, meaning users will be able to use this data through integrations.

In addition, OTM facilitates exchanges between organisations. As it has been launched under Creative Commons, the Standard can be used in open source projects or even by commercial vendors to share threat models of their systems, in order for those in turn to be used by organisations adopting those systems.

Stephen De Vries, CEO and Founder of IriusRisk commented: “With the launch of our Open Threat Model Standard we are building a tool that will transform the threat modeling process. With the wider security and developer community contributing to the Standard, we are excited to see the combined impact we can have on secure design by making threat modeling an increasingly simple and widely adopted practice.”

Fraser Scott, VP of Product at IriusRisk commented “The Open Threat Model standard represents a key step towards commoditised threat modeling, enabling further innovation and faster integration of threat modeling across the SDLC and cyber ecosystem. Open Threat Modeling effectively unlocks a new category of security activity, whereby we can conduct automated architectural security analysis across a huge range of developer disciplines. It is a huge step towards achieving true secure software design.”

The OTM API is now available in IriusRisk’s V4.1 product release, offering a flexible way to describe threat models which can be used throughout the SDLC and cybersecurity ecosystem.

 

To read more exclusive features and latest news please see our Q1 issue here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Copyright: Security Buyer

ASIS UK Launches “Security is You(th)” Hackathon

ASIS International UK has launched Security is You(th), an initiative designed to engage students and early-career professionals…
Image provided by Veeam

AI and Ransomware: Cutting Through the Hype

Rick Vanover, Vice President Product Strategy, Veeam discusses how It might be the great paradox: Artificial Intelligence (AI)….
Copyright: Security Buyer

AmiViz Partners with Titania

AmiViz announced a strategic distribution agreement with Titania. This collaboration underscores a shared commitment to enhancing…
Oil and Gas

Navigating Africa’s Oil & Gas Industry

A comprehensive analysis of security strategies in Africa’s oil and gas industry, covering physical, cyber, and remote surveillance measures.
blackhat

Black Hat Europe Starts Soon

Black Hat Europe starts Monday and now is the perfect time to start planning your experience. With a full lineup of Keynotes…

VIVOTEK’s All-in-One Software Boosts Operational Efficiency for Enterprises

As demand for high-efficiency security systems rises among large enterprises, the global leading…
Assa Abloy website

WTC Amsterdam enhances security and efficiency with digital access solution

The World Trade Center (WTC) Amsterdam, home to over 300 companies, has upgraded its building security with a streamlined, digital access solution from ASSA ABLOY.
John Maddison website

Fortinet launches Lacework FortiCNAPP to enhance cloud-native security

In an advancement in cybersecurity, Fortinet has announced Lacework FortiCNAPP, providing organisations with visibility and security.
GITEX Global 2024 website

GITEX GLOBAL 2024: AI revolution drives strategic tech innovation

GITEX GLOBAL 2024 concluded on Friday, showcasing artificial intelligence (AI) as a transformative force driving business and economic growth
Scroll to Top