Thank you for all the interest on Threats Manager Studio (TMS)! I’ve already received a lot of comments, both from colleagues working at Company and employed by other Organizations. Thank you!
As I wrote in my previous post, publishing TMS has not represented the end of the work. I’m very well aware that you miss some important pieces, and that I need to provide them before you can really think about adopting TMS. This is the reason for my post: to let you know that you are going to get them very soon.
My most immediate goal is to provide you with the necessary elements to create your own Threat Models. In fact, if you have installed TMS, you may have noticed that it’s very bare: it has a lot of functions, but no knowledge base you can use out of the box to get some results fast, and guide you if you are not exactly an expert. You even have an Extension to automatically generate Threats and assign Mitigations, but no rules already defined!
I’m happy to announce that I’m working on a first template focused on a few core Azure PaaS services. You will be able to use it for your own Threat Models and as a reference on how to create your own templates. The reason why I cannot simply publish those I use for my day-by-day work, is that I do not own them and I’m not authorized to share them.
With this new template on the core Azure PaaS services, you will also get a Word Template you can use to generate documentation for your Threat Models. If you are interested in adapting an existing document you use in your organization as a template for generating documentation with TMS, you can already learn how in the Learning section.
Talking about documentation and templates, this site already provides some guidance on how to consume specialized knowledgebases. What you miss is the documentation on how to create them: this is also going to be addressed very soon.
Another priority for me is to provide examples of Threat Models: the first one will be a reference architecture based on the same core Azure PaaS services covered with the first template. Other examples will be provided at a later stage.
If TMS is already a mature tool and has been successfully adopted by many, it is thanks to all the feedbacks received. Without them, it would simply have been yet another design tool for Threat Models. Your feedback is essential, as it is to get your contributions. For this reason, with the publishing of the first template, I am going to open up the possibility to provide your own Templates and Examples, for the community to use. If you interested in contributing, you can start by reading the License: it already states what your rights will be as a contributor.
From the perspective of the TMS tool, I can anticipate that the next version will be focused on bug fixing and implementation of some minor features. This will allow to publish a new version in a couple of weeks from now. I’m already receiving some telemetry about bugs, but fortunately nothing serious so far: in any case don’t worry, they will be fixed soon.
After the upcoming version, you will get a new Extension Library: I am working on a functionality to synchronize the Roadmap with Azure DevOps. This idea is to extend that at a later stage, to support also Jira and GitHub.
This is just the start! Be sure to keep an eye on threatsmanager.com to get the new goodies as they are available!