Security Compass SD Elements 2022.2 offers a developer-centric approach to software threat modeling

Security Compass has released SD Elements 2022.2, delivering new features to help organizations deliver developer-centric software threat modeling.

By simplifying and accelerating the creation of threat models and driving standardization across software development and application security teams, SD Elements supports developer-centric threat modeling. This approach prioritizes the speed of software development without compromising the security and compliance required for release.

New features in the SD Elements 2022.2 release include developer-centric threat modeling diagrams, reusable components, advanced reporting, new content and security integrations, and 114 new Just-In-Time (JITT) micro-modules. Additional updates include several new features designed to help software developers and application security teams release secure software faster.

Transferring ownership of security from siled security teams creates a collaborative approach that enables development teams to better understand and support security needs, and enables developers to contribute more easily and earlier to the creation of secure and compliant software.

Key updates and benefits of SD Elements 2022.2 include:

  • Developer-Centric Threat Model Diagrams: Automatically generates a threat model diagram by describing the architectural components on the diagram based on survey responses.
  • Reusable components: Enables users to efficiently model complex, multi-component software applications built using a microservices architecture or a service-oriented approach.
  • Advanced reports: Gives users the ability to easily create rich reports with data visualization from scratch or using pre-built report templates, and delve into the status of software security and compliance or identify the most common threats and weaknesses in a portfolio.
  • New integrations: Expands the integration ecosystem with the introduction of the software composition analysis (SCA) tool Black Duck.
  • New security content: Now includes best practices for securely configuring and using Terraform for cloud infrastructure. These security recommendations are offered as tasks and just-in-time training modules; NIST 800-218, the Secure Software Development Framework (SSDF) and the correction of shortcomings of other elements required by EO 14028; and the California Privacy Rights Act of 2020 (CPRA) Privacy Guidelines.

“The industry is increasingly recognizing the benefits of threat modeling across the software development lifecycle (SDLC). At Security Compass, we are committed to helping our customers mitigate cybersecurity risk at scale through the ability to automate their threat modeling programs,” said Trevor Young, Chief Product Officer, Security Compass. “Creating secure software requires a holistic approach to security, which includes realizing the principles of ‘security by design’. Our ongoing investments in the SD Elements platform enable developer-centric threat modeling, which makes it easier to build secure and compliant software.

SD Elements brings threat modeling to DevOps using a consistent, automated process that enables teams to determine the right preventive controls for specific projects based on their location in the systems development lifecycle. Other benefits include increased visibility into the security and compliance of your embedded software, devices and systems, including verification of control implementation through visual and easy-to-interpret custom and predefined report templates.