-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Mark Curphey wrote:
| Does anyone have any experience with the OCTAVE threat modeling methodology
| from CMU ?
nope :)
|
| What threat modeling methodology do you use and why ?
|
Well, it might be old and not feature complete but I deem Attack Trees a
very valuable tool: http://www.schneier.com/paper-attacktrees-ddj-ft.html
The methodology behind attack trees is rather simple and that simplicity
makes the whole process rather trivial. The complexity of a threat can
be modeled into different layers, their dependencies can be better
analysed and a conclusion is easier reached imho.
| Any links to any free threat modeling tools out there ?
|
Again I cannot help. My tool uses GraphViz and a bit of perl Magick
along with a SQLite database to do what I want for Attack Tree Threat
modeling.
- -d
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAqvUhPMoaMn4kKR4RAw1qAKCS98zNfbT0sc9lYM9X8IVB6uz6JQCgj6Sf
vJDEM3RWO1qKxouxTrE8Mto=
=TBmh
-----END PGP SIGNATURE-----
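
The layering and dependency analysis described in the message above, as an added example that is not part of the original post and is not the poster's tool: a small attack tree kept in SQLite, evaluated for its cheapest path and rendered as GraphViz DOT. It is written in Python rather than Perl, and the schema, node names and costs are constructed for illustration.

```python
import sqlite3

# Constructed sample tree: (id, parent, label, gate, cost). Leaves carry an
# assumed cost; inner nodes are OR (any child suffices) or AND (all needed).
NODES = [
    (1, None, "Open safe", "OR", None),
    (2, 1, "Pick lock", None, 30),
    (3, 1, "Learn combination", "OR", None),
    (4, 3, "Find written combination", None, 75),
    (5, 3, "Eavesdrop", "AND", None),
    (6, 5, "Listen to conversation", None, 20),
    (7, 5, "Get target to state combination", None, 40),
    (8, 1, "Cut open safe", None, 10),
]

def load(nodes):
    """Store the tree in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE node (id INTEGER PRIMARY KEY, parent INTEGER,"
               " label TEXT, gate TEXT, cost INTEGER)")
    db.executemany("INSERT INTO node VALUES (?, ?, ?, ?, ?)", nodes)
    return db

def cheapest(db, node_id=1):
    """Return (cost, leaf labels) for the cheapest way to achieve node_id."""
    label, gate, cost = db.execute(
        "SELECT label, gate, cost FROM node WHERE id = ?", (node_id,)).fetchone()
    if gate is None:  # leaf: its own cost
        return cost, [label]
    rows = db.execute("SELECT id FROM node WHERE parent = ? ORDER BY id",
                      (node_id,)).fetchall()
    kids = [cheapest(db, child) for (child,) in rows]
    if gate == "AND":  # every child is required, so costs add up
        return sum(c for c, _ in kids), [leaf for _, p in kids for leaf in p]
    return min(kids, key=lambda kid: kid[0])  # OR: cheapest child wins

def to_dot(db):
    """Render the tree as GraphViz DOT text; AND nodes are drawn as boxes."""
    out = ["digraph attack_tree {"]
    for nid, parent, label, gate, cost in db.execute("SELECT * FROM node ORDER BY id"):
        text = label.replace('"', '\\"') + (f"\\n[{gate}]" if gate else f"\\ncost {cost}")
        out.append(f'  n{nid} [label="{text}", shape={"box" if gate == "AND" else "ellipse"}];')
        if parent is not None:
            out.append(f"  n{parent} -> n{nid};")
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    db = load(NODES)
    print(cheapest(db))
    print(to_dot(db))
```

Raising a leaf's cost with an `UPDATE` models a countermeasure; re-running `cheapest` then shows which branch becomes the weakest one.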