Shostack + Friends Blog

 

Congratulations to ThreatModeler and IriusRisk!

Congratulations to all involved!

I’ve been waiting to kick off 2026 on a positive note, and I’m excited to be able to publicly congratulate IriusRisk and ThreatModeler, now a single company, bringing together the very best enterprise-grade threat modeling software!

People frequently want to know what I mean by “enterprise” software and how it compares to the Microsoft Threat Modeling Tool. The model of Excel vs SAP works well here. The MS tool, like OWASP Threat Dragon, is great for your individual threat modeling needs and a few models. We know that threat modeling is useful when it leads to issues being tracked and fixed, and we can do that tracking and management manually, or we can do it in a tool that gives us insight into the state of the enterprise. That’s what enterprise-grade threat modeling tools do for us, and they replace PM toil with automation, freeing up analysts to do the really useful work that humans can do: bringing experience, perspective and judgment to threat modeling. (For more on my model of tools, see my post on Threat Modeling Tools. Also, I have no idea why Microsoft pulled the bug filing tool we put into V3.)

I’m excited to see the teams combining, creating a clear market leader, and I look forward to the product combination work: each company has had clear differentiators and strengths, and while it’ll obviously take time to bring those together, I think the resultant offerings will have a vast advantage over everything else in the marketplace.

Image by ChatGPT