Closing the circle

Written by

Posted on Leave a comment

It has passed quite some time since the release of version 1.4.2 of Threats Manager Studio (TMS), but not in vain.

I am happy to announce today version 1.5.1 of TMS!

The most observant among you have already noticed this new version, because I have silently released it a couple of weeks ago. Now, this is the official announcement, just in time for the Holidays and to send everyone my warmest greetings and wishes for the festivities!

This new release is particularly significant, because it fixes a few important scenarios introduced with version 1.4.x, and introduces new capabilities which supplement the previous ones. As a result, TMS now represents a reasonable approach to integrate Threat Modeling with the DevOps process.

The current capabilities have still a few rough edges, which will be fixed with the upcoming version 1.5.2. And a few more capabilities have been planned for version 1.6.0 to further extend the integration with some of the top Task & Issue Tracking tools in use today, like Jira or GitHub. With the new major version, the idea is not only to go beyond Azure DevOps, but most importantly to cover more integration scenarios, with the intent of creating more contact points between Threat Modeling and DevOps, and increase the value of the first for the latter as an integrated Security Design and Risk Management tool.

You can already see some of those new ideas with TMS 1.5.1:

  • Capabilities like the new Calculated Severity engine allow even the less experts among us to determine the current Severity for Threat Events.
  • New accelerators like the Top flag in the Auto Threat Generation rules definition allow to cut the time required to perform a Threat Model, by focusing on what matters the most.
  • The integration of TMS with your Task & Bug Tracking tool of choice via the DevOps Extension library, is a huge step to make your Roadmap actionable.

There are a lot of new capabilities and fixes introduced with TMS version 1.5.0 and 1.5.1: a total of 31 new features, 13 improvements and 36 bug fixes. But this is just the tip of the iceberg. A lot more is in progress and will be published with version 1.6.0. Some of those new capabilities are almost ready already, but they are not as streamlined as they should to represent a valuable addition to the TMS. So, stay tuned!

As usual, all feedback you can provide is more than accepted. Please use the tools to comment and file issues provided by GitHub, or one of the alternatives discussed in How to give your feedback.

Thank you for your continued support!

Posted in Announcements

About the Author:

I have been a Consultant with Microsoft for 15 years and so. As such, I have gained strong competencies around Software Architectures and Methodologies with a focus on Microsoft technologies. I have been working for Microsoft in the Consultancy department since January 2000 mainly for Customers in the Financial sector. Now I am a Senior Premier Field Engineer on Security. In this role I am helping customers in adopting Microsoft Security Products, Technologies and Methodologies. Application Security is one of my main area of interests, even before joining Microsoft: the very reason why I have been hired by Microsoft are a set of articles I have written on Security and specifically on Cryptography between years 1998 and 1999. I am now a member of the Microsoft InfoSecurity Force European Team. As a Microsoft Employee, I have assumed the roles of Developer, Lead Developer, Architect and Microsoft Development Technologies expert. This has allowed me to work for important Banks and Financial Institutions like Intesa SanPaolo, Deutsche Bank, Monte dei Paschi di Siena and Unicredit, and also for P.A. Organizations like INPS, the largest social security and welfare institute in Italy and one of the most important on a European level. The gained experience can be applied to many contexts, not only on Financial Businesses, because it has been mainly focused around technology and soft abilities, like interpersonal awareness and interaction with different people and different organizations. On May 2016 I have assumed the role of Co-Lead of the Worldwide Microsoft Technical Community for the Security Development Lifecycle.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Threats Manager Studio

Subscribe now to keep reading and get access to the full archive.

Continue reading