Release Notes

Signed Installer

Have you ever wondered who’s creating that beauty? It’s us, itemis. Now, you know for sure, since our installers are verified!

Graphing View

We improved a couple of details on the Security Graphing view: We show the level names in the long view, take care for letting the content fit into the boxes, and did some more cleanup of the user interface.

Performance

Furthermore, we have increased performance of analyses that contain multiple layers of controls that RemoveAllDamage. The “accept the effect” paths of controls which remove all damage are no longer considered, vastly reducing the number of paths.

Threatening Data

Threats and controls may now act on data. For that, add “Data” to threat and control classes. You will then be able to reference data to be acted on by threats and controls. You may do that manually, or via the Threat Assistant as expected.

Mitigation Assistant

The Mitigation Assistant, formerly known as Controls Assistant, is now available including some streamlining and bugfixes.

We suggest controls to mitigate the corresponding threat via green indication in the matrix if all of the following conditions are met:

  • The protected Security Property of the Control is threatened by the Threat
  • The Threat and Control share a common Technology
  • Both act on a shared System Element

Various fixes and improvements

  • Creating a new Project Info Chunk shows up correctly in the context menu
  • Security Chunks now have the same icon and color as their default content elements

Open initiative for an exchange format

You might already know our exchange format XSAM. Starting from this, we are launching an initiative to form an open community which aims at establishing a cross-vendor, cross-tool XML-based format for eXchanging Security Analysis Models. We call it openxsam.io and recently talked about it at ASRG. If you are interested in joining the initiative, please contact us at security-analyst@itemis.de.

Additionally, we still have the knowledge base at https://www.security-analyst.org about general security analysis processes and norms.

Migration from earlier Versions

See: Update and Migration Notes

Version Mapping

The following table can be used to determine the Security Analyst version based of the internal plugin version “com.moraad.core” that is stored in the .msd file of every solution:

com.moraad.core” version=”” />

com.moraad.core version Security Analyst version
37 2.5.1
41 2019.2.0
44 2019.3.0
46 2019.3.1
48 2019.4.0
49 2019.4.1
54 2020.2.1
55 2020.1.1
58 2020.2.0
59 2020.2.1
61 2020.3
63 2020.3.1
64 2020.4