Application security remains a headache for many organizations. Some of them currently do not perform threat modeling and risk management practices because of skills and time constraints, and organizations that do find it challenging to scale the activity to match the rate at which new applications are developed. Both groups share the same constraints: too few skilled software security analysts and too many applications. The resulting challenges are security vulnerabilities in applications, caused by weak security design and inadequate controls; too much time and too many resources required to perform risk analysis and threat modeling; and a lack of measurement of, visibility into, and response to application security risk across all of the software development and delivery steps.
IriusRisk is an expert system that performs a risk analysis and creates a threat model of a software application at design time. The threat model includes recommendations on how to address the risk, along with specific source code examples showing how to implement features securely. IriusRisk then enables the user to manage security risks throughout the rest of the software development lifecycle (SDLC) by integrating with bug tracking tools and testing frameworks.