The Mozilla Foundation, best known for its popular Firefox web browser, has teamed up with a bunch of university graduates to develop a free, online ‘threat modelling’ tool it says can help system administrators to understand the risks faced by their networks.

Called “SeaSponge”, the HTML5 tool was created as an open-source project under Mozilla’s Winter of Security initiative. They built it because they believe that threat modelling is often ignored in the software development lifecycle, despite being a very important aspect of security design. Its designers believe it could replace the free Threat Modelling Tool offered by Microsoft.

SeaSponge was built by Saint Mary’s University grads Sarah MacDonald, Joel Kuntz, and Glavin Wiechert. “SeaSponge allows you to model a system so that potential threats and risks can be identified,” MacDonald said in an interview with The Register. “It supports multiple diagrams to model logical sections of your system in separate locations. Each diagram contains data flows and hardware and logical components.”

SeaSponge has been built on the Angularjs; jsPlumb; Bootstrap; CoffeeScript; Grunt; Bower, and Compass programming languages, and because it’s a web-based tool, can work in all browsers and with all operating systems. Nevertheless, SeaSponge is still in its early stages of development – for that reason, MacDonald and his partners are calling on interested developers to help by contributing more code to the project.

Those who’re interested in tinkering with SeaSponge can download the software from GitHub or check out this live demo to see more.

Image credit: Geralt via Pixabay.com