The Devici Codex

The Devici Codex is Devici’s threat intelligence system. It defines the attributes, threats, and mitigations that Devici uses to analyze threat models and generate actionable security insights.

The Codex provides a consistent, opinionated foundation for threat modeling while remaining extensible to support organization-specific needs.

Use this section to understand how threat intelligence works in Devici, how Codex content is structured, and how to extend it safely.


What is the Codex?

The Codex is a curated library of:

  • Attributes that describe system behavior and data characteristics
  • Threats associated with those attributes
  • Mitigations that reduce risk for those threats

Devici uses the Codex to translate system structure and attributes into relevant threats and recommended actions.

The Codex operates behind the scenes, but understanding it helps you:

  • Interpret generated threats
  • Apply attributes more effectively
  • Reduce noise in threat models
  • Extend Devici without fragmenting risk analysis

Built-in Codex vs Custom Codex

Devici supports two types of Codex content:

Built-in Codex

The built-in Codex is maintained by Devici and provides:

  • Curated attributes, threats, and mitigations
  • Coverage informed by established frameworks such as:
      • STRIDE
      • LINDDUN
      • OWASP Top Ten (including APIs and LLMs)
      • MAESTRO
  • Continuous updates as threat landscapes evolve

The built-in Codex ensures consistent threat modeling across teams and projects.


Custom Codex

The Custom Codex allows organizations to extend Devici with their own threat intelligence.

Use the Custom Codex to model:

  • Organization-specific threats
  • Internal security standards or policies
  • Custom controls or mitigations
  • Domain- or industry-specific risk

Custom Codex content:

  • Coexists with the built-in Codex
  • Is reusable across threat models
  • Does not override built-in intelligence

Tip

Extend the Codex thoughtfully. Over-customization can reduce consistency and make threat models harder to compare.


How the Codex fits into threat modeling

The Codex is not a separate modeling step.

Instead, it:

  • Interprets attributes applied to elements
  • Determines which threats apply in context
  • Suggests mitigations based on known risk patterns

Most users interact with the Codex indirectly through:

  • Attributes
  • Threats & Mitigations
  • The Threat Register

Understanding the Codex helps explain why Devici produces certain outputs.


What this section covers

The pages in this section explain:

  • How attributes, threats, and mitigations are defined in the Codex
  • How to create and manage Custom Codex entries
  • How aliases and reuse support consistency at scale

These pages focus on understanding and extension, not day-to-day modeling tasks.


When you need to work with the Codex directly

You may need to interact with Codex content when:

  • You want to understand why a threat exists
  • You need to model organization-specific risk
  • You are standardizing threat modeling across teams
  • You are integrating Devici into existing security programs

For most modeling workflows, you can rely on the built-in Codex without modification.


What’s next

To learn more about Codex concepts and capabilities, see:

The Codex provides the intelligence behind every threat model in Devici.