A free Threat Modeling tool providing superior efficiency, effectiveness, and extensibility.

Threats Manager Studio showing a diagram of a sample system.
An example of Threat Model designed with Threats Manager Studio.

Learn the Threat Modeling Process with TMS

Threat Modeling with TMS: Diagramming
How to create Threat Models with Threats Manager Studio (TMS) starting from the Diagrams.
Threat Modeling with TMS: Threats and Mitigations
How to create Threat Models with Threats Manager Studio (TMS), by focusing on the Threat Event analysis and Mitigation assignment.
Threat Modeling with TMS: Adding Your Value In
How to create Threat Models with Threats Manager Studio (TMS), by making your experience count.
Threat Modeling with TMS: Quality and Communication
How to create Threat Models with Threats Manager Studio (TMS), by verifying their quality and preparing for communicating with Business Stakeholders and Product Owners.
Threat Modeling with TMS: the Interviews
How to create Threat Models with Threats Manager Studio (TMS), by interviewing the various stakeholders.

Get Answers to Your Questions

What Threats Manager Studio is?Is Threats Manager Studio for me?Is Threats Manager Studio mature?
Threats Manager Studio (TMS) is a new Threat Modeling tool, designed to implement an evolved process called Threat Modeling vNext.

We have designed TMS to be highly adaptable to the needs of the beginner as of the expert, by providing different functionality levels which can be further extended thanks to its modularity.

Expert and novices have used TMS on real projects for about 2 years now, and this has allowed to hone it to be effective and efficient.

TMS is also based on a solid Open Source foundation called Threats Manager Platform, which is available from https://github.com/simonec73/threatsmanager under the MIT license.
TMS has been designed to fulfill the needs of many different personas, from the super-Expert to the novice, including Project Managers, Product Owners, and Business Stakeholders. It provides personalized views and allows them to further configure the experience based on specific needs. Its modular design supports the integration of owned systems and LoB applications, through the SDK provided with the Threats Manager Platform.

But TMS is not a tool for every need. Designed as a Windows Desktop application, it has very limited features to support concurrent access to the Threat Models. This is by design and is not going to change.
If this is a requirement for you, then other tools may represent a better choice.
TMS has been in the making for about 3 years, and actively used for more than 2 years. As such, it has already been used to produce many Threat Models of real systems and has been refined over time based on this experience and the received feedbacks.

TMS is a testbed for new ideas, to support the vision of Threat Modeling as an ever-evolving process, which is at the core of Threat Modeling vNext. As such, it is continuously updated and improved, and will not ever reach a status of full completeness.

What Threats Manager Studio is?
Threats Manager Studio (TMS) is a new Threat Modeling tool, designed to implement an evolved process called Threat Modeling vNext.
We have designed TMS to be highly adaptable to the needs of the beginner as of the expert, by providing different functionality levels which can be further extended thanks to its modularity.
Expert and novices have used TMS on real projects for about 2 years now, and this has allowed to hone it to be effective and efficient.
TMS is also based on a solid Open Source foundation called Threats Manager Platform, which is available from https://github.com/simonec73/threatsmanager under the MIT license.

Is Threats Manager Studio for me?
TMS has been designed to fulfill the needs of many different personas, from the super-Expert to the novice, including Project Managers, Product Owners, and Business Stakeholders. It provides personalized views and allows them to further configure the experience based on specific needs. Its modular design supports the integration of owned systems and LoB applications, through the SDK provided with the Threats Manager Platform.
But TMS is not a tool for every need. Designed as a Windows Desktop application, it has very limited features to support concurrent access to the Threat Models. This is by design and is not going to change.
If this is a requirement for you, then other tools may represent a better choice.

Is Threats Manager Studio mature?
TMS has been in the making for about 3 years, and actively used for more than 2 years. As such, it has already been used to produce many Threat Models of real systems and has been refined over time based on this experience and the received feedbacks.
TMS is a testbed for new ideas, to support the vision of Threat Modeling as an ever-evolving process, which is at the core of Threat Modeling vNext. As such, it is continuously updated and improved, and will not ever reach a status of full completeness.

Testimonials

Threats Manager Studio extends traditional threat modeling from a technical design phase activity into one that is more cross-functional. For applications that require a deeper dive threat modeling, the emphasis on business value and risk prioritization is much more aligned with building security activities into evolving product architectures delivered through fast-moving DevOps pipelines.

Altaz Valani, Director, Insights Research, Security Compass

I’m using Threats Manager as my primary tool for Threat Modeling IT Pro.
Requested changes (improvements, enhancements) can be addressed and are being recognized.
It’s such a great tool containing deep expertise and capabilities.

Oliver Niehus, Architect Cyber, Microsoft Services

Threats Manager is a revolutionary improvement to Threat Modeling. It allows me to complete a Threat Model engagement in less than half the previously required time. I can use it with pre-defined rules and can also add additional threats for non-standard model elements of special requirements. Finally, it allows me to develop a risk management-based roadmap and produce professional Word or Excel output without copy & paste.

Heinrich Gantenbein, Principal Consultant Cybersecurity, Microsoft Services

I have worked with Threat Modeling for quite some time and even if I love the process, the challenge has always been in the tool. This has now been mitigated and I can now get a quite good understanding of possible threats within a few hours and, even better, be able to communicate it effectively.

Jesper Kråkhede, Architect Cyber, Microsoft Services

About 20 years ago, I made a comment to a journalist: “If we had our hands tied behind our backs (we don’t) and could do only one thing to improve software security… we would do threat modeling every day of the week”. That comment is as true today as it was then.
Threats Manager Studio represents an evolution of the Threat Modeling process, which not only makes the experience more efficient and effective, but also continue to raise Threat Modeling as a critical component of Risk Management.

Michael Howard, Sr Principal Consultant Cyber, Microsoft Services

    Carousel controls