IriusRisk Community Edition is a free version of IriusRisk that allows you to quickly model software security risks using a template-based approach, and then manage those risks throughout the rest of the SDLC, including:
- Assigning a risk response: Accept, Mitigate or Expose
- Applying a security standard, such as OWASP ASVS, to derive the security requirements in one step
- Automatically uploading security controls as requirements to Jira
- Synchronising the current implementation state of the requirements with Jira and automatically adjusting the associated risk rating
An open Threat Model platform
All threat models created in IriusRisk can be published as Templates that are visible to other users of the platform. If you have existing threat models in Microsoft Threat Modeller version 4 format, you can import the threats and countermeasures via the "Add Artifact" feature on the Architecture tab. (Threats and countermeasures are imported, but dataflows are not.)
- Registration for the Community Edition is suspended until 27 August 2019. Follow @IriusRisk for updates
- Submit bugs and feature requests to GitHub
- Join the IriusRisk discussion forum
Try our commercial edition for these extra features
- Manage more than 1 application. The solution has been tested with 4000+ applications.
- Directly modify questionnaires, risk patterns and rules.
- Access expanded risk pattern libraries such as PCI DSS v3.2
- Use our API to embed IriusRisk as part of your SecDevOps pipeline and automatically import Cucumber, BDD-Security and OWASP ZAP scanning results
- Import vulnerabilities from numerous SAST and DAST tools via ThreadFix
- See our website for more details