-
**Describe the improvement you would like to see**
Currently enum values are stored as ints in the database rather than strings. It would be easier to store these as strings automatically which can b…
-
Hi Team,
we have developed OVVL: https://github.com/OVVL-HSO/OVVL-Webapp
OVVL -> Open Weakness and Vulnerability Modeller
A STRIDE-based threat modelling tool that integrates CVEs. So you c…
-
**Motivation**
- `fd.name`: if the `fd.type` represents a file or directory, the `fd.name` field contains the full path. If the path is not already an absolute path, a custom traversal parser can b…
-
- Site: [https://threatdragon.github.io](https://threatdragon.github.io)
**New Alerts**
- **Cross-Domain Misconfiguration** [10098] total: 11:
- [https://threatdragon.github.io/](https://thr…
-
It looks very difficult to know what to check in 1.1.1 as it is open to interpretation and non-repeatable.
Suggestion to rewrite to something more tangible: "Verify that threats have been identified …
-
Original issue: https://github.com/18F/fedramp-automation/issues/259
**Extended Description**
As a FedRAMP reviewer, in order to have clearer understanding of what is implemented right, what is impl…
-
Avoid the disconnect between seeing the value in threat modeling and actually doing it with coaching, collaboration, and integration. Key to making it "everybody's thing" is communication between se…
-
Description: I think it could be helpful to outline our thoughts about how to do a security assessment in a form others can review. This could also include what the assessments are and are not good f…
-
Penetration testing not only serves to triage and validate other defect discovery activities, it informs risk management activities, such as threat modeling and secure design.