Threagile: Enterprise Subscription

Commercial support around the production use of Threagile

Threat modeling in team or enterprise environments

Threagile is and remains an open-source toolkit for Agile Threat Modeling. Organizations running it in team or enterprise environments often want a steady point of contact for advice, customization, and the technical and organizational artifacts that internal review or governance processes typically expect. That is what this optional commercial Enterprise Subscription, offered by the Threagile maintainer, is for.

As one of the maintainers of Threagile, I see the same questions come up in almost every scaled rollout: how to introduce the tool across multiple teams, how to derive custom risk rules from internal standards, and which technical and organizational artifacts internal review or governance processes typically expect. The subscription complements the open-source version rather than replacing it and is meant for organizations that want a commercial relationship with one of the maintainers.

Components that can be included:

  • Installation and deployment guidance: For on-premise setups, I support your teams with installing and integrating Threagile into your existing environment, on a commercial best-effort basis and within the scope of the respective subscription.
  • Configuration and customization: Guidance on fitting Threagile to your requirements, internal processes, and reporting expectations.
  • Custom risk rule development: Help with creating customer-specific risk rules that match your technology stack and internal requirements. Custom rules sharpen your modeling; they do not replace a full security assessment.
  • Report and template customization: Building and maintaining individual report templates that match your internal or external reporting standards.
  • Questions and issues support: A commercial best-effort support channel for content-related questions and operational topics around using Threagile, subject to agreement. Communication channels, response targets, supported versions, and support language are defined in the respective Subscription Agreement.
  • Feature request prioritization: Feature requests from Subscription customers are evaluated with priority and taken into account during roadmap planning. This is a prioritization commitment, not a delivery commitment to a specific version or date.
  • Optional onboarding workshop: A kickoff workshop covering rollout approach, roles, common pitfalls, and a suggested usage policy for Threagile in your organization.
  • Training and documentation videos: Access to a library of video tutorials covering installation, configuration, customization, and day-to-day use; useful for onboarding new team members.
  • Supported versions and updates: The versions covered under the subscription and the provision of security-relevant updates follow a documented policy, within the scope of the respective subscription and within organizationally and economically reasonable means. Specifics are defined in the respective Subscription Agreement.

Threagile supports structured, model-based threat modeling. Neither the toolkit nor the subscription replaces a full security assessment, a certification, or a regulatory compliance review of your systems.

Get in touch

If you are already running Threagile or planning a rollout in a production environment and are considering a commercial Enterprise Subscription, let’s talk through which components make sense for your organization.

Interested in an individual quote? Let’s talk