Threat Modeling Tools Mapping
The tables below show the severity and triage status mappings for all of the Threat Modeling tools that are supported by Software Risk Manager.
Tools are listed alphabetically. Tool results are mapped to the Software Risk Manager status shown at the top of each column. (A blank cell indicates that an equivalent status value is unavailable or undefined.)
Severity Mapping
Threat Modeling Tool | Critical | High | Medium | Low | Info | Unspecified |
---|---|---|---|---|---|---|
IriusRisk¹ | Critical (76–100) | High (51–75) | Medium (26–50) | Low (1–25) | Very Low (0) | |
Microsoft Threat Modeling Tool 2016 | high | medium | low | |||
SD Elements | 9+ | 7–8 | 5–6 | 1–4 |
1. IriusRisk threats are assigned a severity in SRM based on their Current Risk value. The risk ratings are mapped to SRM severities based on this mapping.
Triage Status Mapping
Threat Modeling Tool | Ignored | False Positive | To Be Fixed | Mitigated | Fixed | Reopened |
---|---|---|---|---|---|---|
IriusRisk | ||||||
Microsoft Threat Modeling Tool 2016 | Not Applicable | Mitigation Implemented | ||||
SD Elements |
See the SRM Triage Status definitions for the meaning of each status.