Find answers to some of the most commonly asked questions about Tutamantic
How do the plans work?
Each plan will give you a number of threat model files you can upload. Each upload will decrease the total.
The Community Plan gives you a summarized threat model report. As you integrate your secure design practices you can upgrade your plan to generate more reports, targetting specific focus areas of your operations. The standard reports are oriented towards the security specialist, architects, project and team leads, developers and testers.
What does the Tutamen Threat Model Automator do?
The Automator is designed to relieve the burden of repetitious tasks and mistakes made by continuously re-entering data during the design process. It aims to make the threat modelling process more consistent, repeatable and measurable. The development team has more time to analyze the security design issues because the Automator does the heavy lifting and tedious copy/paste and report generation.
The Tutamen workflow integrates seamlessly with any software design process by linking directly to the project software diagrams. The teams annotate the security metadata in the diagrams, linking them directly to the design. If the design changes, the threat model automatically changes.
The metadata drives the analysis engine of the Tutamen Automator. The engine uses many common taxonomies to evaluate the metadata and create an end-to-end threat model solution which can be used to place mitigations in software and identify weak points to do security testing.