WebApp Sec mailing list archives
Re: Threat Modeling
From: Adrian Wiesmann <awiesmann () swordlord org>
Date: Sat, 22 May 2004 00:37:42 +0200
_However_ I can recommend a software product called CRAMM. I don't know if you've used it, but basically it's a tool developed by HMG in Cheltenham. The great thing about it, and the reason it costs 4,000 GBP, is that it contains a database of over 3000 threats, vulnerabilities and countermeasures.
IMHO this sounds a little bit overpriced to me, for I guess most of that information is common knowledge already, although I do not know that specific content.

As mentioned in a post before, one of the goals of the open source project Security Officers Management and Analysis Project (www.somap.org) is to build such a repository containing all the relevant information. The database/repository will then be published under an open source licence (FDL). SOMAP is currently in negotiation with an organisation for an initial fill (and consecutive bidirectional update) of that repository.

There is not much right now, for the project has only just started. But if anybody is interested, just drop me a note.

Regards,
Adrian