We improved a couple of details in the Security Graphing view: level names are now shown in the long view, content now fits into the boxes, and we did some more cleanup of the user interface.
Furthermore, we have increased the performance of analyses that contain multiple layers of controls that RemoveAllDamage. The “accept the effect” paths of controls which remove all damage are no longer considered, vastly reducing the number of paths.
Threats and controls may now act on data. For that, add “Data” to threat and control classes. You will then be able to reference data to be acted on by threats and controls. You may do that manually, or via the Threat Assistant as expected.
The Mitigation Assistant, formerly known as Controls Assistant, is now available, including some streamlining and bug fixes.
We suggest controls to mitigate the corresponding threat via a green indication in the matrix if all of the following conditions are met:
- The protected Security Property of the Control is threatened by the Threat
- The Threat and Control share a common Technology
- Both act on a shared System Element
Various fixes and improvements
- Creating a new Project Info Chunk shows up correctly in the context menu
- Security Chunks now have the same icon and color as their default content elements
Open initiative for an exchange format
You might already know our exchange format XSAM. Starting from this, we are launching an initiative to form an open community which aims at establishing a cross-vendor, cross-tool XML-based format for eXchanging Security Analysis Models. We call it openxsam.io and recently talked about it at ASRG. If you are interested in joining the initiative, please contact us at firstname.lastname@example.org.
Additionally, we still have the knowledge base at https://www.security-analyst.org about general security analysis processes and norms.
Migration from earlier Versions
See: Update and Migration Notes
The following table can be used to determine the Security Analyst version based on the internal plugin version “com.moraad.core” that is stored in the .msd file of every solution:
com.moraad.core” version=”” />
||Security Analyst version