Skip to main content
Microsoft Security

New Microsoft Threat Modeling Tool 2014 Now Available

Today we’re announcing the release of the Microsoft Threat Modeling Tool 2014. This is the latest version of the free Security Development Lifecycle Threat Modeling Tool that was previously released back in 2011.

More and more of the customers I have been talking to have been leveraging threat modeling as a systematic way to find design-level security and privacy weaknesses in systems they are building and operating. Threat modeling is also used to help identify mitigations that can reduce the overall risk to a system and the data it processes. Once customers try threat modeling, they typically find it to be a useful addition to their approach to risk management.

We have been threat modeling at Microsoft for more than 10 years. It is a key piece of the design phase of the Microsoft Security Development Lifecycle (SDL).  In 2011 we released the SDL Threat Modeling Tool, free of charge, to make it easier for customers and partners to threat model as part of their software development processes. The tool has been very popular and we have received a lot of positive customer feedback in addition to suggestions for improvement.

We have implemented many of the suggested improvements in the new version of the tool, now called the Microsoft Threat Modeling Tool 2014.  Highlights of the new features in Microsoft Threat Modeling Tool 2014 include:

For more details on the new features and functionality of the Microsoft Threat Modeling Tool 2014 please see the SDL blog.

You can download the tool, free of charge, here.

Tim Rains
Director
Trustworthy Computing