The Threats Manager Tool

Threats Manager is deprecated and will be removed soon.
If you are interested in the Threats Manager Platform, you can find the source code for the Code libraries and SDK in


The Threats Manager is a new tool that has been developed to provide a new way to perform the Threats mitigation.

It has been designed to provide an integrated workflow with Microsoft Threat Modeling Tool 2016, which can be downloaded from here.

The latest version of the Threats Manager (v1.5) can be downloaded from here or by clicking on the shield.

Please note that the previous versions of Microsoft Threat Modeling Tool are not supported by the Threats Manager.

Microsoft Threat Modeling Tool 2014 and 2016 provide a new Threat generation functionality, which is very important because helps the rest of us, who have difficulties in finding the threats to a system. The downside of this feature is that it leads to hundreds of Threats generated for even the simplest system: this typically means many days of work, which would possibly imply something like 100 men/days or more, for the biggest projects. And this is only for the mitigation exercise.

This is not Microsoft Threat Modeling Tool’s fault, but a consequence of having automatic generation of Threats. To be fair, Microsoft’s tool does not impose the automatic threat generation: this is enabled by default and is really convenient, for us that are not so experts in finding the actual threats to our applications.

Nevertheless, mitigating threats generated automatically by Microsoft Threat Modeling Tool is clearly not efficient. This is when the Threats Manager kicks in, by providing a way to improve the threat mitigation experience, by grouping the threats on the basis of the threat template that has been used to generate the threats themselves. Then it provides some fast ways to apply the same mitigations to multiple threats, as fast as possible. For more information and a demonstration of its features, please see the following video.

Please consider that the Threats Manager is not a Microsoft tool: I developed it in my spare time and decided to distribute it independently and for free.


Long time has passed since Threats Manager has been published first. The need for it has passed as well, mostly because of the design of the new templates that have been published, like the Azure Template shipped with the Threat Modeling Tool. This has make Threats Manager less relevant for the threat modeling practice, nowadays. For this reason, I have stopped using it and working on it.

Thank you to everyone who has tried the tool!

No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.