Threat Modeling With SAMMY
Shift from legacy GRC to engineering-led Product Risk and Compliance (PRC). Threat modeling is a cornerstone of PRC and a fundamental part of SAMMY.
Why Threat Modeling is the First Pillar of Modern PRC
Automated security scanners are excellent at finding implementation errors: a vulnerable line of code, or even a typo-level mistake like a missing semicolon. What they cannot do, however, is spot structural flaws in how your application is architected. This is where threat modeling becomes indispensable.
What is threat modeling? It is a proactive engineering practice that maps out the architecture of systems and data flows across trust boundaries before, during and after code is written, catching design-level vulnerabilities early when they are easiest and cheapest to fix.
With the enforcement of the EU Cyber Resilience Act (CRA), threat modeling is no longer just a secure development best practice; it is a legal mandate. The CRA enforces “Security by Design” and requires software manufacturers to maintain deep technical documentation of their architectural risks, all while adhering to a strict 24-hour window for reporting actively exploited vulnerabilities.
A top-down GRC registry completely lacks the granularity required to track these engineering realities. SAMMY solves this by delivering a built-in threat modeling tool that automatically turns technical design reviews into audit-ready regulatory documentation.
To learn more about navigating these complex legal shifts, explore our dedicated compliance resource at complycra.eu. Or find out more about the emergence of PRC here.
How SAMMY Implements Threat Modeling: A Step-by-Step Walkthrough
We designed the native threat modeling feature in SAMMY to fit naturally into an engineer’s workflow while providing the exact evidence compliance teams need. Here is a look under the hood at how SAMMY streamlines the process:
1. Centralized Product Risk Registry
Your threat modeling journey begins by scoping your digital assets. Within SAMMY’s product index, you can categorize products by business unit, set clear criticality tiers, and define foundational security pillars using the CIA triad (Confidentiality, Integrity, and Availability). This ensures your architecture reviews are dynamically prioritized based on business impact.
Figure 1: Visualizing product scope, name, and confidentiality/integrity/availability criticality matrices in SAMMY.
2. Establishing System Context
Before drawing complex architecture diagrams, teams can document early assumptions and high-level technical constraints in the Context tab. This simple step anchors the threat assessment, giving regulators and incoming developers immediate clarity on the application’s core boundaries.

Figure 2: Defining standard web application context and baseline documentation before mapping threats.
3. Structured Risk Scenarios
Once your data flows are mapped, SAMMY helps you surface systemic design risks. Under the Risk Scenarios tab, potential vulnerabilities are automatically contextualized using the industry-standard STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) or any other framework of your choice. Instead of vague warnings, you get highly specific threat scenarios—such as Account Takeover via Credential Stuffing affecting your HTTPS login flow—complete with granular impact assessments.

Figure 3: Detailed look at automated risk scenarios categorized by STRIDE with assigned priority levels.
4. Interactive Data Flow Diagrams (DFDs)
At the heart of SAMMY’s feature set is an interactive, native diagramming canvas optimized for secure design. Engineers can visually map out exactly how information travels through the system. By drawing rectangles for external entities (like browsers), circles for backend processes, and cylinders for data stores, you instantly visualize your attack surface. Crucially, you can overlay Trust Boundaries to pinpoint exactly where data changes privilege levels.

Figure 4: Built-in DFD editor illustrating the user browser, web server/API process, and database separated by clear trust lines.
5. Definitive Threat Management & Technical Mitigations
Finally, the Threats tab translates high-level architectural risks into actionable engineering tasks. Explicit vulnerabilities like SQL Injection (SQLi), Cross-Site Scripting (XSS), or Session Hijacking are listed alongside their open status, impact, likelihood, and owners. This screen acts as a living ledger of your product’s security posture, proving to compliance officers that technical risks are continuously owned, monitored, and mitigated.

Figure 5: The comprehensive threat management registry tracking mitigation status, impact, likelihood, and ownership.
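To make steps 3 to 5 concrete, here is an added Python example (not SAMMY's code) of how a DFD like the one in Figure 4 can be turned into a STRIDE-per-element risk register: flows crossing a trust boundary get a higher likelihood, impact comes from the product's CIA criticality tiers, and each scenario carries the open status and owner fields the Threats tab tracks. The STRIDE-to-CIA mapping, the scoring weights, and the sample model are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element heuristic: which threat classes apply to each DFD element type.
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
STRIDE_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information Disclosure", "D": "Denial of Service",
                "E": "Elevation of Privilege"}
# Assumed simplification: the CIA pillar each STRIDE class mainly threatens.
STRIDE_TO_CIA = {"S": "I", "T": "I", "R": "I", "I": "C", "D": "A", "E": "I"}

@dataclass
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone; a flow between different zones crosses a trust boundary

@dataclass
class Flow:
    src: str
    dst: str
    data: str

def enumerate_threats(elements, flows, cia_tier):
    """Return STRIDE risk scenarios sorted by score = impact x likelihood.
    cia_tier maps "C", "I", "A" to the product's 1..3 criticality tier;
    likelihood is raised for flows that cross a trust boundary (assumed weights)."""
    by_name = {e.name: e for e in elements}
    scenarios = []
    def add(target, kind, likelihood, note):
        for code in STRIDE_PER_ELEMENT[kind]:
            pillar = STRIDE_TO_CIA[code]
            impact = cia_tier[pillar]
            scenarios.append({"target": target, "threat": STRIDE_NAMES[code],
                              "cia": pillar, "impact": impact,
                              "likelihood": likelihood, "score": impact * likelihood,
                              "note": note, "status": "open", "owner": None})
    for e in elements:
        add(e.name, e.kind, 1, "")
    for f in flows:
        crosses = by_name[f.src].zone != by_name[f.dst].zone
        add(f"{f.src} -> {f.dst} ({f.data})", "flow", 3 if crosses else 1,
            "crosses trust boundary" if crosses else "")
    return sorted(scenarios, key=lambda s: -s["score"])

# Constructed sample mirroring the page's DFD: browser, web server/API, database.
ELEMENTS = [Element("Browser", "external", "internet"),
            Element("Web Server/API", "process", "dmz"),
            Element("Database", "store", "internal")]
FLOWS = [Flow("Browser", "Web Server/API", "HTTPS login credentials"),
         Flow("Web Server/API", "Database", "SQL query"),
         Flow("Database", "Web Server/API", "query results")]
CIA_TIER = {"C": 3, "I": 3, "A": 2}
```

Running `enumerate_threats(ELEMENTS, FLOWS, CIA_TIER)` ranks Tampering and Information Disclosure on the boundary-crossing flows highest, which is where the page's SQLi and session-hijacking entries would be owned and tracked.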
Verify Once, Comply Many
The ultimate goal of Product Risk and Compliance in SAMMY is Cross-Mapping. Instead of isolating technical data flows in engineering silos and compliance requirements in administrative folders, SAMMY bridges them together.
By feeding your software architecture models, SBOMs, and OWASP SAMM maturity scores into a centralized engine, SAMMY facilitates a “Verify Once, Comply Many” workflow. A single architectural review automatically generates the deep documentation required to satisfy the EU CRA, NIST SSDF, and ISO 21434 simultaneously because they all rely on the same underlying technical facts.
Stop wrestling with legacy GRC spreadsheets. Build resilient software and effortlessly achieve regulatory compliance with native threat modeling in SAMMY.