IriusRisk, the threat modeling platform for application security, has announced the appointment of Dr. Gary McGraw as Chairman of its Technical Advisory Board (TAB). He joins its existing advisor, Adam Shostack, to assist in the strategic direction and development of the IriusRisk threat modeling platform. The board will play a pivotal role in accelerating the company’s efforts to push threat modeling to the forefront of the security agenda and secure its place as the choice partner for global enterprise organisations.
Emerging and complex technologies such as machine learning, distributed Internet of Things (IoT), and artificial intelligence, create compelling business opportunities but also present new security challenges. The architectures employed for these systems increase the attack surface and the likelihood of architectural flaws. These flaws cannot be identified using static code analysis tools because they exist outside of the code – in the relationships between components and in the features offered by the application. Threat modeling, based on secure design principles, can avoid these flaws before a line of code is even written and reduce the amount of unplanned security work later on in the development process.
The Technical Advisory Board will advise on strategic platform development and technical direction, drawing on the experience and expertise of its members. As a globally recognised authority in software security, Gary will use his pioneering expertise in architectural risk analysis to chair the TAB, plus his knowledge as an emerging expert in machine learning security.
“As a field, software security has made impressive progress over the last two
decades,” says Dr. McGraw. “Now it is time to automate what we know about security engineering, threat modeling, and architectural risk analysis. IriusRisk is leading the charge to take software security to the next level.”
He joins the TAB’s existing advisor, Adam Shostack, who was integral in designing Microsoft’s Threat Modeling Tool, formulated the industry-standard ‘Four Question Framework’, and wrote a definitive book on the subject, ‘Threat Modeling: Designing for Security’. On Dr. McGraw’s appointment, Shostack commented:
“I’m excited to be working with Gary to expand the board. The incredible brain trust that IriusRisk is building to help shape product strategy is going to be hard to match.”
Following his recent participation in the Threat Modeling Manifesto, Stephen de Vries, IriusRisk CEO, plans to expand the advisory board and welcomes interest from the wider security community to accelerate threat modeling as a commonplace, industry best practice within security and development teams:
“We are privileged to have two of the pioneers in software security on our advisory board so that our customers can benefit from their experience in implementing threat modeling and architectural security programs in large engineering teams.”
IriusRisk is the industry’s leading threat modeling solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start – using its powerful threat modeling platform.
Whether teams are implementing threat modeling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.