A new version of threatspec has been released!

27th June 2019

What is threatspec?

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat specifications alongside code, then dynamically generating reports and data-flow diagrams from the code. This allows engineers to capture the security context of the code they write, as they write it.

How does it work?

Annotate your code

// @accepts arbitrary file writes to WebApp:FileSystem with filename restrictions // @mitigates WebApp:FileSystem against unauthorised access with strict file permissions func (p *Page) save() error { filename := p.Title + ".txt" return ioutil.WriteFile(filename, p.Body, 0600) }

Run threatspec

$ threatspec run

Generate, read and share your threat model report

$ threatspec report

Example threat model report diagram