How Threat Model Automation Solves the Challenge for Small Development Teams
In today's threat landscape, organisations must proactively manage the risk of system and data exposure due to malicious activities on their software. Sites like Twitter, used by 300 million people every month, need robust security processes and tools for their build chains.
That's because new vulnerabilities are continuously discovered, and often not by friendly parties! Despite being a huge business, Twitter has a relatively small development staff, who find a time-intensive and complex threat modelling process a barrier to their development agility.
Tutamantic provides a solution to the problem of bloated, overweight threat-analysis processes that have been jammed into development lifecycles without any thought for proper integration.
Our lightweight, automated threat model solution is built to simplify the threat model work that gets done during development. Teams can use their own tools (e.g., Diagrams.net and Lucidchart) to represent what they want to threat model.
Once a representation of the target system is available, the team adds security metadata to it using the diagramming tool itself. The team then exports the resulting diagram and metadata and sends this to the Tutamen API. Tutamen creates and outputs the threat model report in JSON, CSV and PDF format.
Tutamantic's SaaS tool is based on the well-known open-source Rapid Threat Model Prototyping (RTMP) methodology and can effectively integrate into all development workflows (e.g., Agile). The output can be consumed by static analysis tools, ticketing tools, testing tools and build orchestration tools. This approach has low overhead and makes it easy for a small development team to do threat modelling alongside their regular development process.
The Tutamantic team is here to provide solid integration with your particular software workflows and will help you create an effective threat modelling champion framework, along with the points at which to execute the threat modelling activities.
Contact plans.info@tutamantic.com to learn more about the system, technology, and our pricing, or arrange a meeting through our Calendly link: https://calendly.com/tutamantic_sec.