Customizing rules in Threat Modeling Tool 2014 RRS feed

  • Question

  • The Microsoft Security Blog that announced the Threat Modeling Tool 2014 stated the following:

    "We [offer] further flexibility to our users to customize the tool according to their specific domain. Users can now extend the included threat definitions with ones of their own."

    However, I have to date read no documentation that describes how to extend threat definitions, or if this functionality is supported.

    Is the functionality to extend threat definitions supported by the Threat Modeling Tool 2014?

    • If yes, is documentation available to describe how to do this?
    • If no, will the functionality to extend threat definitions be available in the near future?


    Tuesday, May 13, 2014 8:06 PM


All replies

  • Hi Matthew,  This functionality is supported, and you'll find the documentation in Appendix 2 of the User's Guide which can be found here:



    Saturday, May 17, 2014 12:18 AM
  • Thank you Michael.

    For others reference, the zip file pointed out by Michael can be found online on Microsoft's Security Development Lifecycle Developer Starter Kit webpage - click on Threat Modeling Tool 2014 Principles (.zip) in the Design Phase row.

    Best Regards,

    Monday, May 26, 2014 4:52 PM