
How Devici Works

Devici helps teams understand how system design decisions lead to specific security threats.

Rather than relying on static checklists or manually selecting threats, Devici uses an attribute-driven approach to threat modeling. Users describe how their system behaves on a visual canvas, and Devici identifies threats based on the attributes applied and the selected threat framework.

This section explains the core concepts behind how Devici models systems and surfaces threats.


Modeling your system

In Devici, a system is represented visually using a canvas.

On the canvas, you model:

  • Elements — such as services, processes, data stores, and external systems
  • Data flows — how data moves between elements
  • Trust boundaries — where trust levels change
  • Scope — which parts of the system are in or out of scope

The goal is not to produce a perfect diagram, but an accurate representation of how the system behaves.

By focusing on structure, data movement, and trust assumptions, the canvas provides the foundation for identifying threats based on how the system is designed and operated.


Applying attributes

Attributes are how users describe security-relevant behavior in Devici.

Attributes are applied directly to elements and data flows on the canvas. Each attribute represents a specific characteristic of the system, such as:

  • External exposure
  • Authentication or authorization behavior
  • Data sensitivity
  • Trust assumptions

Attributes are intentionally explicit. Users choose which attributes apply based on how the system actually works, rather than selecting threats directly.


Threat frameworks and threat identification

Devici identifies threats based on the selected threat framework.

Each attribute has a defined relationship to one or more threats within that framework. When a user applies an attribute to an element or data flow, the threats associated with that attribute become applicable to that part of the system.

Threat identification in Devici is deterministic:

  • Attributes map directly to threats
  • Threats are not inferred or guessed
  • Context comes from where the attribute is applied on the canvas

This approach ensures that identified threats are explainable and traceable back to concrete modeling decisions.


Understanding threat context

Every identified threat includes clear context explaining why it applies.

Devici shows:

  • Which element or data flow the threat applies to
  • Which attribute caused the threat to appear
  • Which threat framework the threat originates from

If a threat does not reflect how the system actually behaves, it usually indicates that the model or attribute selection needs refinement.


Iteration is expected

Threat modeling is not a one-time activity.

As systems evolve, teams update threat models by:

  • Adding or modifying elements
  • Changing data flows
  • Applying or removing attributes
  • Refining trust boundaries
  • Adjusting scope

Devici updates identified threats automatically as the model changes, helping teams understand how design decisions affect exposure over time.
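The deterministic mapping, threat context and recomputation described in the sections above, as an added sketch; it is not Devici's code or data model. The attribute names, the attribute-to-threat table, the choice of STRIDE as the selected framework and the sample model are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed mapping for illustration. The STRIDE category names are real;
# the attribute names and which threats they map to are assumptions.
FRAMEWORKS = {
    "STRIDE": {
        "external_exposure": ["Spoofing", "Denial of Service"],
        "no_authentication": ["Spoofing", "Elevation of Privilege"],
        "sensitive_data": ["Information Disclosure", "Tampering"],
    }
}

@dataclass(frozen=True, order=True)
class Finding:
    target: str      # element or data flow the threat applies to
    attribute: str   # attribute that caused the threat to appear
    framework: str   # framework the threat originates from
    threat: str

def identify(model, framework, out_of_scope=()):
    """Map each applied attribute to its threats; nothing is inferred."""
    table = FRAMEWORKS[framework]
    findings = set()
    for target, attributes in model.items():
        if target in out_of_scope:
            continue
        for attribute in attributes:
            if attribute not in table:
                # An unmapped attribute is a modeling error, not a guess.
                raise ValueError(f"{attribute!r} has no mapping in {framework}")
            for threat in table[attribute]:
                findings.add(Finding(target, attribute, framework, threat))
    return findings

def diff(before, after):
    """Return (added, removed) findings between two model revisions."""
    return after - before, before - after

# Constructed sample model: one element and one data flow.
model_v1 = {
    "web-api": {"external_exposure", "no_authentication"},
    "web-api -> orders-db": {"sensitive_data"},
}
# Revision: authentication is added, so the attribute is removed.
model_v2 = {**model_v1, "web-api": {"external_exposure"}}

if __name__ == "__main__":
    added, removed = diff(identify(model_v1, "STRIDE"), identify(model_v2, "STRIDE"))
    for f in sorted(removed):
        print(f"removed: {f.threat} on {f.target} (from {f.attribute}, {f.framework})")
```

Spoofing remains on `web-api` after the revision because `external_exposure` still maps to it: each finding is keyed by the attribute that produced it, which is what makes it traceable.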


From understanding to action

Identifying threats is only the beginning.

Once threats are identified, teams decide how to respond by:

  • Changing system design
  • Applying or validating security controls
  • Documenting accepted exposure
  • Tracking remediation work externally

Devici supports these decisions without forcing a specific workflow, allowing teams to integrate threat modeling into their existing development and security processes.


What’s next

Now that you understand how Devici models systems and identifies threats, the next step is to apply these concepts in practice.

In the next section, we’ll walk through creating your first threat model and using the canvas and attributes to describe system behavior.
