The Microsoft Threat Analysis and Modeling (TAM) tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts.
TAM has changed in ways to make threat modeling cheaper, faster and better. The following are the prominent new features in version 3.0.
- Azure based CTL store
- Visio drawing surface for use cases
- Intelligent TFS Sync
- Automated tool update detection
- Modified methodology to make threat modeling simpler
- Composite Threats and single threat for a call
- Improved Automatic Threat Generation
- v2.1 Import with automated countermeasure mapping
- Updated countermeasure structure
- Other minor UI and functionality tweaks.
TAM 3.0 beta is available for download here.