Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reinstate automated generation of threats by element #792

Closed
jgadsden opened this issue Nov 20, 2023 · 6 comments · Fixed by #1033
Closed

Reinstate automated generation of threats by element #792

jgadsden opened this issue Nov 20, 2023 · 6 comments · Fixed by #1033
Assignees
@mohamedselbohy
Labels
enhancement New feature or request GSoC Google Summer of Code theat engine version-2.3
Milestone
Threat Engine

Comments

@jgadsden
Copy link
Collaborator

Describe what problem your feature request solves:
Version 1.x has a feature where the threats are suggested by element, for example if STRIDE:

STRIDE per element
          S | T | R | I | D | E
ACTOR   | X |   | X |   |   |
STORE   |   | X | X | X | X |
PROCESS | X | X | X | X | X | X
FLOW    |   | X |   | X | X |

Describe the solution you'd like:
Reinstate automated generation of threats by element

Additional context:
@jgadsden jgadsden added enhancement New feature or request theat engine labels Nov 20, 2023
@ryeqb
Copy link

ryeqb commented Dec 21, 2023

@jgadsden I'm curious, was this feature removed/deprecated in 2.x for any particular reason?

@jgadsden
Copy link
Collaborator Author

Well, only because we just did not have the engineering resource to implement it
Version 2.x is (almost) a complete rewrite of version 1.6.1, and some features we really wanted but could not get the time to do them - such as automated generation of threats by element
If you have some time to do this @ryeqb it would be very good to have

@ryeqb
Copy link

ryeqb commented Dec 22, 2023
edited
Loading

@jgadsden Im in the process of writing my bachelors thesis on templating threat models for IoT architectures and having had a quick look at Microsofts threat modeling tool, not having automated threat generation definitely stuck out. So did this the existing issue of non-existent templates given that's my thesis' goal #220

Hope I can help tackling both issues to some degree

@jgadsden
Copy link
Collaborator Author

Absolutely good to have any help you can on both these issues @ryeqb
Say if you want me to assign an issue to you
Awesome degree thesis by the way 👍🏾

@jgadsden jgadsden mentioned this issue Feb 5, 2024
Closed
@jgadsden jgadsden added the GSoC Google Summer of Code label Feb 7, 2024
@dheerajsingh89 dheerajsingh89 self-assigned this Feb 21, 2024
@jgadsden
Copy link
Collaborator Author

This is a Google Summer of Code project, and the application dates for GSoC contributors are between March 18th and April 2nd

@abhayporwals
Copy link
Collaborator

Hi, @jgadsden! I am interested to contribute this issue under Gsoc. I am looking for some help from you to understand that issue deeply. So, that I can create an outline for the remedy. 🙂
As mentioned the threats by element functionality available in v1.x but not in 2.x!
I tried both the versions 2.2.0 and 1.6.1 -
The difference I found is that -

In version 2.2.0 -
image

In version 1.6.1 -
image

Can you help me by providing more exposure to it, please?

@mohamedselbohy mohamedselbohy mentioned this issue Jun 19, 2024
Closed
@jgadsden jgadsden added this to the Threat Engine milestone Jul 15, 2024
@jgadsden jgadsden mentioned this issue Jul 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mohamedselbohy mohamedselbohy

Labels
enhancement New feature or request GSoC Google Summer of Code theat engine version-2.3
Projects
None yet
Milestone
Threat Engine
Development

Successfully merging a pull request may close this issue.

Merging threat by element type feature into main OWASP/threat-dragon
5 participants
@jgadsden @ryeqb @abhayporwals @dheerajsingh89 @mohamedselbohy