Security Compass has officially launched SD Elements 2024.4, available starting January 11, 2025. This release introduces valuable updates to help security and engineering teams scale their efforts and effectively manage risks in their software projects.
Key enhancements in SD Elements 2024.4 include:
- Support for scanning in-house repositories
- Improved interface for customizing countermeasures in the SD Elements Library
- Ability to deactivate unnecessary Library weaknesses via the UI, API, Import/Export, or content packs
- Text2Threat, an AI-powered feature, available for beta customers
- Support for MITRE ATT&CK framework
- Detailed implementation guidelines and enhanced content for AI/ML tools
- Additional content added to the SD Elements library, including guidance for complying with US and international privacy laws, plus additional EU cybersecurity laws
Scan a Repository Enhancements – On-Site Scanning
In previous releases, we introduced the capability to generate security requirements by scanning GitHub and GitLab repositories. With the 2024.4 release, customers can scan in-house repositories or connect external integrations through RIA.
Security Compass provides an on-site script for running scans, with results uploaded to SD Elements via a JSON file through the UI or API. These enhancements enable users of in-house or non-traditional Git platforms to quickly model applications and generate security and compliance requirements more efficiently.
Improved UI for Library Countermeasures
The 2024.4 release introduces an improved user experience for customizing countermeasures in the SD Elements Library. The updated interface offers a more intuitive design with more precise guidance, helping improve productivity and ensure countermeasures are correctly optimized.
Deactivate a Library Weakness
The 2024.4 release allows users to deactivate a Library weakness via the UI, API, Import/Export, or content packs. This ensures that content that is no longer needed is no longer active, eliminating the need to work around outdated items.
Text2Threat Beta
In 2024.4, we are introducing a new feature for customers participating in our beta program. Text2Threat in SD Elements enables customers to generate security controls directly from existing written documentation. By entering text or uploading documents like .doc files or PDFs, users can quickly convert their existing artifacts into actionable security models, reducing setup time and accelerating their ability to integrate security into development. To join the beta, please reach out to [email protected].
Support for MITRE ATT&CK Framework
In the 2024.4 release, SD Elements will support the MITRE ATT&CK framework. This enables customers to align their security measures with the framework, helping them identify blind spots and improve the consistency and visibility of their security practices. Within the MITRE ATT&CK framework, techniques are mapped to SD Elements threats (linked to countermeasures), while mitigations are mapped directly to SD Elements countermeasures.
Additional Components Added to the Library
In 2024.4, a number of new components were added to the survey and made available as diagram components. These include popular AWS services, SaaS tools like Snowflake, and additional client-side components. These additions allow SD Elements users to broaden their platform usage to identify weaknesses, vulnerabilities, and countermeasures across a greater portion of their environment.
Implementation Guidelines & Enhanced Content for AI/ML Tools
SD Elements already offers security content for many AI/ML tools and frameworks, but some customers could benefit from more detailed technical implementation guidelines. In the 2024.4 release, SD Elements adds implementation guidelines for select AI/ML tools (e.g., TensorFlow, PyTorch) and enhanced content with additional use case examples. These updates help developers and data scientists integrate security into their AI/ML workflows, ensuring secure development practices without disrupting existing processes.
Support for Additional Privacy and Cybersecurity Laws
The 2024.4 release introduces a compliance report to track U.S. state privacy laws, mapping SD Elements countermeasures to state-level requirements. It also includes a report and guidelines for complying with China’s Personal Information Protection Law (PIPL).
Additionally, the release adds countermeasures, compliance reports, and survey responses to help organizations address the Digital Operational Resilience Act (DORA) and the NIS2 Directive.
These updates enable customers to quickly align their security measures with the latest standards, saving time and enhancing security.
Learn More
Security Compass enables you to deliver secure and compliant software by design.
SD Elements helps identify threats and generate security requirements at scale, providing developers with guidance to build secure, compliant software from the start. Security Compass AppSec training combines ISC2-certified courses with hands-on labs to equip developers with the skills to address real-world security threats effectively.
For existing SD Elements customers, please contact your Customer Success Manager for further information about the release.
New to SD Elements? Request a demo to explore how the solution can transform your software security landscape.