Threat-Dragon-ng

OWASP Threat-Dragon-ng 2.5.0 is an open-source, cross-platform threat-modeling tool that enables development, security, and DevOps teams to create visual threat-modeling diagrams and systematically catalog threats and their remediations for individual components within those diagrams. As an official OWASP Lab Project, the application adheres to the values and principles of the threat-modeling manifesto, emphasizing flexibility, simplicity, and accessibility so that organizations of any size can integrate structured threat modeling into their secure-development lifecycle without specialized training. Typical use cases include architects mapping attack surfaces for new micro-services, product owners reviewing threat landscapes during sprint planning, compliance teams documenting risk controls for regulatory audits, and educators demonstrating secure-design concepts in classroom settings. The software supports four concurrent release streams—totaling four distinct versions—allowing users to select the branch that best matches their stability or feature requirements while still receiving diagramming capabilities, threat libraries, and mitigation tracking. Operating within the Security & Privacy category, Threat-Dragon-ng exports models to common formats for sharing with stakeholders and integrates with version-control systems to keep threat artifacts synchronized with evolving codebases. The interface provides drag-and-drop diagram elements, STRIDE and LINDDUN alignment helpers, and collaborative annotations so that cross-functional teams can iteratively refine threat models alongside user stories and architectural epics. Threat-Dragon-ng is available for free on get.nero.com, with downloads provided via trusted Windows package sources such as winget, always delivering the latest version, and supporting batch installation of multiple applications.

Tags: