More Report Items

We have added several new report items that can be added to a report template. All elements of the assessment model can be included in the report now. Furthermore, we have added more information to existing report items (e.g. rationales, stored/transferred data, consecutive risk factors and explicit attack effort).

Modelling Assistants

The new Threat Assistant supersedes the old Threat Assessment Queries. The Suggestion Overview has been split up for this purpose: there are three modelling assistants now:

  • Security Goal Assistant (-> Asset Identification)
  • Threat Assistant (-> Threat Identification)
  • Relation Assistant (-> Dependencies between Security Goals and Threat Analysis)

We have also improved the logic when the “Refresh” button of an Assistant is press. If a suggestion has been rejected, this information is never removed from the model. This ensures that the rationale that has been given for the rejection is never removed.

System Diagram Layouting

Users have more control over the layout of the system diagram. It is now possible to place ports on arbitrary sides of a component. Previously, output ports had to be on the right and input ports on the left. This constraint can still be activated in the diagram options. Furthermore, the auto-layout can be directed to keep ports on the side where the user has placed it. Check the “Lock Ports” option next to the Auto Layout button to activate this feature.

Risk Factor Level Inheritance

We have fixed the inheritance of risk factor levels. Previously, explicitly set risk factors of a threat or control where overwritten when the user changed the instantiated threat class or control class. Furthermore, when an inherited risk factor of the class was changed, this change was not reflected in the instantiating threat or control. Now, explicitly set risk factors are not overwritten silently. Explicitly set risk factors are stronger (black) than inherited risk factors (gray). Inherited risk factors change corresponding to the inherited class.

Various Fixes and Improvement

  • Fixed error when changing the root component in the system diagram
  • Fixed broken table view if margin comments were placed in the document
  • Improved the way how users enter data at Threat#threatens and Control#mitigates
  • Smaller performance improvements