The previous link can be used to download an archive containing three files. To install the tool please use the ‘setup.exe’ file.
It can be installed in place, replacing the previous installation if present.
Please remember to check integrity of the archive, before extracting its content. To do that, you can calculate and check one of the following hash functions:
Consider also that all the files contained in the archive have been signed with a certificate generated by Certum CA for me. My binaries have also been signed using the very same certificate.
The requirements for this version, are:
- A computer based on Intel x86 or x64 architecture.
- A monitor capable of resolution not lower than 1024×768.
- Windows 7 or more recent.
- .NET 4.6.1 or more recent. If not present, it will be downloaded automatically.
This new version implements a new functionality to improve efficiency through a set of shortcuts.
It also includes the following new functionalities and fixes for some minor issues:
- [NEW] User can select a custom user name to be used to specify who makes the changes.
- [NEW] User can clear marks on all Threats belonging to the same Threat Type, or on all Threats.
- [NEW] User can enable a subset of the Markers, to focus only on them..
- [NEW] Added a visual marker to the caption, to show if the document has been changed.
- [NEW] Added a shortcut to mark the Threat as changed.
- [NEW] Added shortcuts to insert the name of the Source, Target and Flow to the text of the Threat.
- [NEW] The Completeness Bar now show the completeness percentage as tooltip.
This version should be considered to be BETA Quality and is not complete with all the planned features for Threats Manager 1.5.
Would you consider open-sourcing this in order to have the community assist with the maintenance and support of this tool?
Thank you Morten! This is a great idea, but unfortunately I had to use a couple of third-party libraries and paid services to make the development possible, and I cannot do that. Rest assured that the new version is well advanced in its development and it will be released soon. Meanwhile, every feedback would be greatly appreciated.
Is the new version released?
Hi Patrick, thank you for your message. Threats Manager has been deprecated about one year ago. You may want to get a look at Threats Manager Studio (TMS). You can find it at https://threatsmanager.com.
Hi Simone, thank you for the tool. Is this tool considered to be a successor/replacement of the Microsoft Threat Model Tool or is it seen as addon?
It is an add-on. I do recommend using my tool only for the old template and certainly not for the Azure one, because it’s way less effective for the new templates.
where can i find a getting started documentation for the Threat Manager 1.5.10. to get me started with the tool
Thank you for your interest, knelyo. I have prepared a couple of videos on it, some years ago: https://simoneonsecurity.com/2017/03/29/tm-v1-5-51-video/ and https://simoneonsecurity.com/2017/04/01/threats-manager-pills-threats-prioritization/.
But please advised that my tool is not actively developed anymore, because it is not effective as it should with templates like the one on Azure.
Please stay tuned: I may be able to share some exciting news, in the upcoming months.
Thank you Simone for your reply and sharing the videos. Please do share the news whenever it is available, am excited to hear that you are working on the initiative to further ease threat model effort to build resistant systems to ever changing threat landscape.
In the interim, as an expert in threat model i was wondering if you like to suggest some training materials to shorten my learning curve to doing quality threat modelling.
thanks again Simone
Sure, probably the best book on Threat Modeling is Brook S.E. Schoenfied’s “Securing Systems” (https://www.crcpress.com/Securing-Systems-Applied-Security-Architecture-and-Threat-Models/Schoenfield/p/book/9781482233971). Another good book is Adam Shostack’s (https://www.wiley.com/en-us/Threat+Modeling%3A+Designing+for+Security-p-9781118809990). Pluralsight has also some introductory videos. But the best way to learn is by doing.
If you work in an organization and you would like to engage Microsoft’s help to adopt Threat Modeling as an internal practice, just contact me via LinkedIn and I will give you all the assistance required.
Thanks for share the book list. i appreciate it.
Your offer to help with our internal practice with threat model is great, please let me run the idea by my senior director and will get back to you.
Any further news on the threatsmanager tool and does it expand further than the current MS tool with respect to Azure components/services?, thank you, Pete
Sorry for the late answer. The tool you are commenting has been deprecated. It was an accelerator for the threat modeling experience.
There is another tool in https://threatsmanager.com that provides advanced threat modeling capabilities. As other tools, it requires a knowledge base to be prepared and shared. The currently available knowledge base is not big. I’m working on something to address the problem, but as of today I can’t share. I can only say that if and when this will become available publicly, it will address definitely the knowledge base unavailability problem.