Threat Modeling

The Threat Modeling guides show you how to build, analyze, and maintain threat models in Devici.
They focus on how Devici represents systems, how threats are generated, and how you drive actionable security outcomes from your models.

Use these guides when you are creating a new threat model, evolving an existing one, or validating security posture as your system changes.

Start here

If you’re new to threat modeling in Devici, begin with:

• Building a Threat Model
  Learn the end-to-end workflow for creating a threat model, from defining scope to reviewing generated threats.

Core threat modeling concepts

These guides explain the foundational building blocks Devici uses to represent your system:

• Elements
  Understand processes, data stores, and external entities, and how they form the structure of your threat model.

• Data Flows & Trust Boundaries
  Learn how information moves through your system and where trust boundaries introduce risk.

• Attributes
  See how attributes describe security-relevant characteristics and drive threat generation.

From model to action

Once your system is modeled, these guides help you turn structure into outcomes:

• Threats & Mitigations
  Review generated threats, understand their context, and track mitigations.

• Threat Register
  View and manage all threats across a model in a single, consolidated view to support prioritization and remediation.

• Exporting Threat Models (PDF & CSV)
  Generate shareable reports and structured threat data for use outside Devici.

• Mitigating Attributes
  Apply mitigating attributes to reflect existing security controls and reduce threat noise.

• Threat Model Health Score
  Measure model quality and identify gaps as your system evolves.

Managing change over time

Threat models are living artifacts. These guides help you keep them accurate and useful:

• Threat Model Versioning & Restoring
  Track changes, restore previous versions, and manage long-term evolution of your models.