The SDL Threat Modeling Tool differs from other tools and approaches in two key areas:
- It is designed for developers and centered on software
Many threat modeling approaches center on assets or attackers. In contrast, the SDL approach to threat modeling is centered on the software. This new tool builds on activities that all software developers and architects are familiar with--such as drawing pictures for their software architecture.
- It is focused on design analysis
The term "threat modeling" can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique.