IriusRisk has launched a new Open Threat Model (OTM) standard to allow greater connectivity and interoperability between threat modeling and other parts of the software development lifecycle (SDLC). The OTM standard has been published under a Creative Commons license and provides a tool-agnostic way of describing a threat model in a simple to use and understand format, IriusRisk said.
The standard can leverage a wide range of source formats and supports new sources of application and system design, whilst also allowing users to exchange threat model data within the SDLC and cybersecurity ecosystem. An accompanying API allows users to provide an OTM file which IriusRisk uses to build a full threat model using the rules engine, which contains an extensive library of components and risk patterns.