ThreatModeler, a company that provides threat modeling software, has launched the Threat Model Marketplace.
This new platform aims to make DevSecOps more accessible for businesses of all sizes. The marketplace includes pre-built threat models that can be integrated into a development pipeline alongside educational resources such as tutorials, best practices and case studies.
More specifically, the online shop launched with 50 pre-built threat modeling templates, and the company intends to introduce up to 50 new threat models per month. Future updates will reportedly enable third parties to upload customized threat models to be downloaded for free or for a nominal cost.
“Threat modeling is so valuable for maintaining secure systems that Executive Order 14028 makes threat modeling activities a compliance demand for many organizations,” explained ThreatModeler CTO John Steven.
“With organizations eager for help to overcome the persistent challenges that modeling can entail, Threat Model Marketplace is the right platform at the perfect time and represents a significant step forward in facilitating access to this important security resource."
According to the company, this is the first platform of its kind, and it aims to help small and medium-sized businesses that lack the resources to hire dedicated security professionals to incorporate threat modeling into their development process.
“Executives are naturally wary of adopting new security tools, as each one brings new costs, training requirements, and workflow disruptions. Threat Model Marketplace is designed to lower these barriers to implementing a DevSecOps approach,” said ThreatModeler CEO Archie Agarwal.
The executive added that by providing pre-built threat models, companies could accelerate their systems development life cycle (SDLC) and migrations to the cloud by starting from the point of security and compliance.
“The truly exciting aspect of Threat Model Marketplace, however, is the community that it will unlock,” Agarwal told Infosecurity.
In other words, providing a platform for third parties to contribute vetted cybersecurity assets that companies can download will fundamentally democratize access to and adoption of architectures that follow cybersecurity best practices.
“This is critical as we continue to face rising threats and a shortage of skilled software and security workers,” said Agarwal.
The Threat Model Marketplace is available now on the ThreatModeler website. It is currently free for an initial 90-day time period, but the company told Infosecurity this period may be extended.
More information about threat modeling for DevSecOps is available in this analysis by cybersecurity reporter Sean Michael Kerner.