Product Product The Threat Modeling Tool The industry trusted automated threat modeling tool AI Threat Modeling with Jeff Our powerful AI Assistant which aids you throughout your diagram creation and saves time Bex AI - Conversational Security in Jira Automatically assess and improve the security of your software directly in Jira Services Tailored services to help you elevate your threat modeling and IriusRisk tool Key Features Integrations Fit into your SDLC and existing technology investments Content Library Check how we can help ensure you meet regulatory, industry and operational best practices Get Started Book a demo Pricing Free Community Version Solutions Solutions by painpoint Building Software Securely At every stage of your SDLC Regulation and Compliance Align to regulatory compliance or security frameworks AI & Machine Learning The first ever to threat model AI and ML applications ROI - Forrester Report Forrester Total Economic Impact of IriusRisk Threat Modeling Solutions by need Industry Financial Services Medical Devices Operational Tech Public Services Technology Solutions by role Security Teams Become the hero of the SDLC by increasing development speed while reducing risk. Developers Unleash the power of threat modeling when developers need it and where they want it. CISOs Show the value of your security posture while saving time, money and reducing risk. Resources Blog All the latest news and useful content from the threat modeling world Webinars Live or on-demand, find out what we can teach you Threat Modeling Training Get certified in automated threat modeling, for free Guides & ebooks Who doesn't like free advice and hacks Events Find out where you can meet us, across the globe Documentation All the info and help you need to use our product Methodologies The key ways and methods to threat model Video Grab your popcorn and watch some of our threat modeling content Case studies ‍ Financial Institution Based in America A large financial institution in a regulated market needed an on-premise threat modeling solution. Raiffeisen Bank International Providing an end-to-end solution for threat modeling across the company's network. See all case studies About About IriusRisk Origins Not your average company history! Leadership Team Meet our team helping to bring our vision to life Technical Advisory Board The threat modeling pioneers who help shape what we do Careers Like what you see? Come and work with us Trust, Legal & Security Hub Your trust is our priority. Read how we protect your data, ensure security, and meet compliance Contact We're a friendly bunch, so get in touch Partners Partners Find out more What does partnership look like with IriusRisk Become a partner Team up with and take threat modeling to the world Threat Modeling training with Toreon Effectively scale your threat modeling program Shostack + Associates Training and Accelerator Designed by Adam Shostack: Threat Modeling Training and The Accelerator Program Free Community Version Book a Demo Book a demoTry now Bex AI - Secure by design through conversational security Bex, our AI companion enables Secure by Design to be the default setting for developer work. I want Bex Finally, a secure by design plugin that meets you where you work; Jira. Not a security expert? With Bex AI you don't need to be. The Jira plugin will automatically assess your Jira Epic or Task and will give you recommended actions to take to improve the security of your software, by design. Simply tag @BexAI in your Jira Epic or Task, to get real-time and natural interactions on how your product or service can be improved to consider wider security issues. Stick to what you are best at - developing - create products and applications which are secure by design and by default. Get your hands on this conversational security plugin today by heading over to Atlassian Marketplace. Let's take a step back, what is Secure by Design? Secure by Design (SbD) is a principle in software engineering which focuses on baking security in the design phase instead of doing it later on the software development lifecycle (SDLC). Resulting in products which are secure from the start and more resilient to potential cyber attacks. ‍ This principle is being adopted and even mandated by certain organizations such as CISA, which states 'Every technology provider must take ownership at the executive level to ensure their products are secure by design'. In the UK, these principles are mandatory for government departments; 'The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.' This approach is becoming more popular and widely used due to a need for increased cybersecurity to manage risk, anticipate and respond to vulnerabilities, while creating a secure and reliable product or service. Added pressure on busy Developers Development teams continue to be under pressure to develop secure code, however they have time restraints and are not security professionals. Going back and forth to security teams not only slows down development, it adds frustration to developers, especially when the ratio of Development to Security is usually very high, with a small number of security people to a high quantity of developers. Adding in another layer of security with SbD, can feel like an impossible task. Conversational security for your developers - Bex AI The developers writing the code for these products and services are talented at what they do, but are not cybersecurity experts. With Bex AI, while they are at the inception of their code, application or idea, they can receive real-time feedback and security considerations with SbD principles. Resulting in an end product which is secure by design - even before it has gone through proactive security techniques such as threat modeling. Even if the developer is good at security (e.g. a Security Champion), Bex can help with blindspots and other things that may not have been considered. FAQs What is the primary purpose of Bex AI? keyboard_arrow_down Bex AI helps you to build applications and services that are secure by design, because it embeds security guidance straight into the tool you use to collaborate on the design - Jira. How does Bex AI help developers improve code security? keyboard_arrow_down By giving you insight into the risk associated with your Jira tasks, as well as recommending actions that you can take immediately to improve the security of your application. Can Bex AI be used by developers with no security experience? keyboard_arrow_down Absolutely! Bex AI does not require any security experience, it gives you the security guidance you need in a way that is easy to understand and act on. And if you have questions, you can always just tag Bex AI in a comment to continue the conversation. How does Bex AI provide real-time security feedback? keyboard_arrow_down Bex AI automatically analyzes the security risk of your Jira task, giving you an easy to understand risk rating. It also gives you a summary of the risk as well as suggested changes to the Jira task description that would clarify the security posture. Bex AI will also generate recommended actions to take to improve the security, along with the threat context and implementation details such as source code examples. How do I integrate Bex AI with Jira? keyboard_arrow_down Simply install Bex AI from the Atlassian marketplace here. Does Bex AI support Jira Cloud and Data Center? keyboard_arrow_down Bex AI is currently only available for Jira Cloud. How do I trigger security assessments using Bex AI? keyboard_arrow_down These happen automatically when the Bex AI plugin is loaded for a Jira task for the first time. You can later regenerate the assessment at the click of a button. What types of security risks does Bex AI detect? keyboard_arrow_down Virtually anything, depending on the context of the Jira task. If the task is about implementing a web form, you'll get recommendations related to protecting forms. If it is about building a cloud service, it'll give you recommendations about cloud controls. Can Bex AI be used to assess all types of Jira issues? keyboard_arrow_down Yes, Bex AI will work with any issue type including Epics, Tasks, and Stories. Does Bex AI generate detailed security reports? keyboard_arrow_down No, Bex AI is focused on helping developers take action to improve security as early and as easily as possible. It is not a replacement for compliance or security reports. How long does Bex AI take to respond to security queries? keyboard_arrow_down Generating the security rating takes just a few seconds. Creating the recommended actions can take a minute or two because behind the scenes we're assessing potential attacks, rating them, identifying potential mitigations, rating them, then giving you the ones that matter. What security frameworks does Bex AI follow? keyboard_arrow_down Bex AI does not formally follow any security frameworks, although it is very compatible with most threat modeling and Secure by Design activities. How often are Bex AI's security recommendations updated? keyboard_arrow_down Whenever you've asked for them to be updated. After some time you may want to generate a new set of recommended actions. This might be because some have been implemented, or because the context of the Jira tasks has changed. Does Bex AI store sensitive project data? keyboard_arrow_down Bex AI only stores Jira information and the generated content for 30 details to ensure we're delivering the best quality guidance. Your Jira data is sent to OpenAI and they store it for 30 days, but your data is not used to train any AI models. Can Bex AI be customized for specific security requirements? keyboard_arrow_down No, our focus is on ease of use and simplicity. There is no configuration required, just install Bex AI and you're ready to go. What are the Secure by Design (SbD) principles in Bex AI? keyboard_arrow_down Secure by Design (SbD) is a principle in software engineering which focuses on baking security in the design phase instead of doing it later on the software development lifecycle (SDLC). Resulting in products which are secure from the start and more resilient to potential cyber attacks. This principle is being adopted and even mandated by certain organizations such as CISA, which states 'Every technology provider must take ownership at the executive level to ensure their products are secure by design'. In the UK, these principles are mandatory for government departments; 'The foundations required for embedding cyber security practices in digital delivery and building resilient digital services.' This approach is becoming more popular and widely used due to a need for increased cybersecurity to manage risk, anticipate and respond to vulnerabilities, while creating a secure and reliable product or service. How does Bex AI handle complex security vulnerabilities? keyboard_arrow_down Bex AI is able to understand the entire context of the Jira task, and so can infer the best recommendations given the available context. Bex AI is not designed to replace traditional approaches to threat modeling, where you may need to model and visualize inter-connected systems at a high level. Complex vulnerabilities that arise as a result of different disparate systems working together can be identified by threat modeling. Having said that, if your Jira task such as an Epic describes this high level context (and isn't for example a detailed task or user story), then Bex AI will also identify high-level threats and recommended actions. Is Bex AI suitable for large development teams? keyboard_arrow_down Yes! Bex AI can work for individuals as well as large development departments, because it is centered around the Jira tasks. Can Bex AI integrate with other developer tools besides Jira? keyboard_arrow_down Not at the moment. What kind of support is available for troubleshooting Bex AI? keyboard_arrow_down If you need help with Bex AI, check out our website. If you're still having issues, you can contact our support team here. What is the Service Level Agreement for Bex AI? keyboard_arrow_down Support for Bex AI is available during usual business hours, Monday to Friday from 9am to 5pm CET. We aim to fix major issues within 48 hours. If you need help contact us via the Contact Us form. If you give a dam about security... Give Bex a try. Available now as a plug in on Jira, just click below and start making your design secure from the get go. Get Bex now Product Threat Modeling Tool IriusRisk Reporting Integrations Content Library Updates Get Started Pricing Services Free Community Version Book a Demo Solutions Building Secure Software Infrastructure as Code Case Studies Regulation & Compliance AI & Machine Learning Secure by Design Industry Financial Services Operational Technology Medical Devices Public Services Technology Role CISO Security Teams Developers Resources Blog Events Webinars Guides & eBooks Forrester Study Customer Updates Newsletter sign up About Us Our Story Partners Leadership Team Technical Advisory Board Careers Trust, Legal & Security Hub Contact Subscribe to our newsletter Legal | Privacy Policy | Cookie Policy