Continuous threat modeling, Part 1: Tooling wish list
Motivation
When performing software-centric threat modeling on an application[1], one typically:
- generates at least one Data Flow Diagram (DFD) or other diagrams that model the software,
- enumerates threats using the diagram(s) as an aid, and then
- determines which mitigations should be applied.
Automated tools can potentially aid the threat modeler in each of these stages. When the design of a system is modified, the threat modeling exercise may be performed again, which means passing through the above steps again. Even if a design remains static, the threats and mitigations should still be evaluated periodically, because the threat landscape may evolve, e.g. if attacker capabilities or motivations change. Tools or processes that help the threat modeler perform these tasks on a continuous basis can therefore be of great value.