Skip to content
A Continuous Threat Modeling methodology
Branch: master
Clone or download
Latest commit eea2535 Jun 5, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information. First commit May 29, 2019 Typo May 31, 2019 Add Jun 4, 2019 First commit May 29, 2019

Continuous Threat Modeling

CTM is Autodesk's threat modeling methodology enabling development teams to perform threat modeling with minimal initial security knowledge and lesser dependency on security experts. It is an evolutionary, dynamic methodology that should mesh well with teams using Agile and evolving system architectures.


All manner of contributions are welcome. The methodology is still relatively young, and emphasis has been placed on simplicity, return-on-investment and building a developer-friendly workflow. We are looking for contributions on the security principles, secure development checklist, and community support - as well as win or less-successful cases, improvement and modification suggestions.


  • Changes are welcome via pull request and we look forward to working with you on changes!
  • Use informative commit messages and pull request descriptions.
  • Keep style consistent.
  • Keep things simple. We are aiming for immediate results and a steady learning curve for developers, making every interaction with the methodology smoother and more rewarding (in terms of number and quality of findings) than the previous.
  • Focus on principles. We are not looking at the small feature of that obscure web framework, rather, we are looking at principles that help developers build an over-arching understanding of security.


For background information on how Autodesk uses the Handbook and Checklist for Continuous Threat Modeling, see "Threat Modeling Every Story: Practical Continuous Threat Modeling For Your Team".

You can’t perform that action at this time.