It has been designed to provide an integrated workflow with Microsoft Threat Modeling Tool 2016, which can be downloaded from here.
The latest version of the Threats Manager (v1.5) can be downloaded from here or by clicking on the shield.
Please note that the previous versions of Microsoft Threat Modeling Tool are not supported by the Threats Manager.
Microsoft Threat Modeling Tool 2014 and 2016 provide a new Threat generation functionality, which is very important because helps the rest of us, who have difficulties in finding the threats to a system. The downside of this feature is that it leads to hundreds of Threats generated for even the simplest system: this typically means many days of work, which would possibly imply something like 100 men/days or more, for the biggest projects. And this is only for the mitigation exercise.
This is not Microsoft Threat Modeling Tool’s fault, but a consequence of having automatic generation of Threats. To be fair, Microsoft’s tool does not impose the automatic threat generation: this is enabled by default and is really convenient, for us that are not so experts in finding the actual threats to our applications.
Nevertheless, mitigating threats generated automatically by Microsoft Threat Modeling Tool is clearly not efficient. This is when the Threats Manager kicks in, by providing a way to improve the threat mitigation experience, by grouping the threats on the basis of the threat template that has been used to generate the threats themselves. Then it provides some fast ways to apply the same mitigations to multiple threats, as fast as possible. For more information and a demonstration of its features, please see the following video.
Please consider that the Threats Manager is not a Microsoft tool: I developed it in my spare time and decided to distribute it independently and for free. The downside is that it is essentially supported by me on a best-effort basis. Quite frankly, it could happen that other commitments would prevent the resolution of the issues you would find, no matter how important they are. I will whatever I can to assist you as soon as possible, though.
To communicate with me, please use this form: comments to the page will not allow me to contact you back, therefore it is entirely possible that your feedback will be impossible to be handled. Also, messages sent with this form will be ignored and destroyed, if they are not relevant, contain non-constructive comments or do not explicitly allow managing the information provided. All other contacts will eventually receive an answer of some sort.
Thank you to everyone who will try the tool!
I am actively using it for my job, with clear benefits. I hope that your experience will be as positive as mine.