Release Notes

Knowledge Base

Additional information, tips and tricks can now be accessed under https://www.security-analyst.org. Since the last release we have added a couple of new articles. Please have a look!

Important Changes

Windows Installer

We have replaced the .zip file for Microsoft Windows by an installer in order to improve installation experience. You still do not need an administrator account to install YAKINDU Security Analyst (now itemis SECURE). If you don’t have administrator rights, the application will be installed into the home directory of your user account by default. If you are an administrator, the application is installed into “C:Program FilesSecurity Analyst”. Of course you can change the installation directory to any other location.

Unique element names

All main elements have two fields for identification: a name and a title (furthermore, there’s an internal ID that cannot be changed by the user easily). The name should be really short, unique for the project and does not have to be very expressive. It is auto-generated based on a pattern for each element type. The title should be expressive and may be much longer (we recommend to keep it shorter than 50 characters, though). Name and title are always displayed together, except for places where space is limited. In this case the title is displayed in a tooltip.

We have introduced a warning and an error message to ensure that names are not ambiguous. Multiple elements with the same name will now result in a warning, if their type is different and an error if their type is identical.

Examples in public git repository

The examples shipped with the tool are now available via GitHub. When you open one of the shipped examples, a notification popup might appear telling you to download git. We highly recommend to do so. It is one of the major benefits of version 2020.1.1 that projects can easily be shared and versioned based on Git or SVN. We kindly invite you to try out the possibilities of this feature with our example repository.

Inline Damage Scenario creation

Asset identification, as part of the default workflow for ISO 21434, is now integrated better with the identification of damage scenarios. The corresponding assistant now supports assigning existing or new damage scenario to created security objectives.

Various Fixes and Improvements

  • Various fixes in tutorial
  • In the Graphing view, operations like “and” and “or” are now displayed by default
  • Fixed risk level calculation for elements combined with others in one attack path
  • Changed table-view button: it is now always visible, but “grayed out” if no table-view is defined for the chunk. It also has a new icon.Table View Icon
  • Renamed “refined by” relation of threats to “prepared by” in default terminology profiles
  • Fixed deletion behaviour in assistants
  • Fixed display problems and risk count in risk distribution chart
  • Fixed that crosslinks in descriptions could not be resolved in some cases
  • Fixed bug with “Add Threat Class” context assistant
  • Added some missing icons
  • Fixed completion menu for empty Security Analysis Chunk
  • Improved background color of displayed levels

image of Improved background color of displayed levels

Migration from earlier Versions

Migration from Versions 1.2.5 and later

If you open a project created with version 1.2.5, 2019.2 and later it will be migrated automatically. However, in some cases you have to select “Ignore and Continue” for problems found by the Migration Assistant:

imagein some cases you have to select “Ignore and Continue” for problems found by the Migration Assistant

Please select “Stop Migration“ in the first place to learn more about detected problems. All found issues will be shown in the bottom-left corner of the main window:

All found issues will be shown in the bottom-left corner of the main window

If you only see problems of the type “unknown language feature” stating “Missing link: …” like in the screenshot above, you can safely ignore them. Just re-run the Migration Assistant from the main menu (Migration -> Run Migration Assistant) and select “Ignore and Continue”. As always, contact us for support on security-analyst@itemis.de if you need any help.

Migration from Version 1.2.4 and earlier

It is not possible to open projects created with version 1.2.4 and earlier in 2019.2+. You will see the following dialog when opening such an old project:

It is not possible to open projects created with Security Analyst 1.2.4 and earlier in Security Analyst 2019.2+

In this case, please download version 1.2.5 by clicking “Download 1.2.5 …”. Then, open the project with the downloaded version and follow the Migration Assistant that pops up automatically. After the migration has completed you can open the project with the latest Version 2019.3.