ThreatModeler does not provide a specific definition for risk levels. It depends on the organization’s requirements and policies. Our in-house TRC defines the risk based on the description of the threat from CAPEC, OWASP, and WASC. If you feel a risk rating is not desired, you can change the rating for it.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.