jlelong
commented
1 year ago Calling the formatter directly from the command palette works fine but format on save is broken. It looks like the formatting provider is not properly registered.
Closed linits closed 1 year ago
jlelong
commented
1 year ago Calling the formatter directly from the command palette works fine but format on save is broken. It looks like the formatting provider is not properly registered.
linits
commented
1 year ago Calling the formatter directly from the command palette works fine but format on save is broken. It looks like the formatting provider is not properly registered.
Unfortunately, the formatter from the command palette does not work for my Bibtex file either. I will attach the unformatted contents of the file below:
@online{blogpost:clancy:mitre-att-ck:2022,
type = {Blog},
title = {{{MITRE ATT}}\&{{CK}}: {{Meaning}}, {{Uses}}, and {{Benefits}}},
shorttitle = {{{MITRE ATT}}\&{{CK}}},
author = {Clancy, Ryan},
date = {2022-12-22},
url = {https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/mitre-attack-uses-benefits/},
urldate = {2023-03-23},
language = {en},
organization = {{Cybersecurity Exchange}}
}
@online{blogpost:kirtley:stride-threat-modeling:2022,
type = {Blog},
title = {{{STRIDE Threat Modeling}}},
author = {Kirtley, Nick},
date = {2022-07-24},
url = {https://threat-modeling.com/stride-threat-modeling/},
urldate = {2023-02-03},
language = {en},
organization = {{Threat-Modeling.com}}
}
@online{blogpost:kirtley:threat-modeling-methods:2022,
type = {Blog},
title = {Threat {{Modeling Methods}}},
author = {Kirtley, Nick},
date = {2022-07-28},
url = {https://threat-modeling.com/threat-modeling-methods/},
urldate = {2023-02-01},
language = {en},
organization = {{Threat-Modeling.com}}
}
@online{blogpost:kirtley:threat-modeling-terminology:2022,
type = {Blog},
title = {Threat {{Modeling Terminology}}},
author = {Kirtley, Nick},
date = {2022-12-27},
url = {https://threat-modeling.com/threat-modeling-terminology/},
urldate = {2023-02-03},
language = {en},
organization = {{Threat-Modeling.com}}
}
@online{blogpost:preston:phases-system-development:2022,
title = {7 {{Phases}} of the {{System Development Life Cycle Guide}}},
shorttitle = {System {{Development Life Cycle Guide}}},
author = {Preston, Mark},
date = {2022},
url = {https://www.clouddefense.ai/blog/system-development-life-cycle},
urldate = {2023-02-17},
language = {en},
organization = {{7 Phases of the System Development Life Cycle Guide}}
}
@online{blogpost:versprite:pasta-threat-modeling:2021,
title = {{{PASTA Threat Modeling}} - {{Breaking Down All}} 7 {{Steps}}},
author = {VerSprite},
date = {2021},
url = {https://versprite.com/blog/what-is-pasta-threat-modeling/},
urldate = {2023-02-19},
language = {en},
organization = {{VerSprite Cybersecurity Consulting Services}}
}
@book{book:alsmadi:nice-cyber-security:2019,
title = {The {{NICE Cyber Security Framework}}: {{Cyber Security Intelligence}} and {{Analytics}}},
shorttitle = {The {{NICE Cyber Security Framework}}},
author = {Alsmadi, Izzat},
date = {2019-01-24},
edition = {1},
publisher = {{Springer International Publishing}},
location = {{San Antonio, TX, USA}},
doi = {10.1007/978-3-030-02360-7},
isbn = {978-3-030-02360-7},
language = {en},
pagetotal = {354},
keywords = {Communications Engineering; Networks,Computer security,Computers,Electrical engineering,Information Systems and Communication Service,Security Science and Technology,System safety,Systems and Data Security}
}
@book{book:applebaum:getting-started-att:2019,
title = {Getting Started with {{ATT}}\&{{CK}}},
author = {Applebaum, Andy and Nickels, Katie and Schulz, Tim and Strom, Blake and Wunder, John},
editor = {Pennington, Adam},
date = {2019},
publisher = {{The MITRE Corporation}},
url = {https://www.mitre.org/sites/default/files/publications/mitre-getting-started-with-attack-october-2019.pdf},
urldate = {2022-12-12},
language = {en},
pagetotal = {45},
keywords = {adversary emulation,cybersecurity,MITRE,MITRE ATT&CK,network security,red team,threat-informed defense}
}
@book{book:palacin:practical-threat-intelligence:2021,
title = {Practical Threat Intelligence and Data-Driven Threat Hunting: A Hands-on Guide to Threat Hunting with the {{ATT}}\&{{CK}} Framework and Open Source Tools},
shorttitle = {Practical Threat Intelligence and Data-Driven Threat Hunting},
author = {Palacín, Valentina},
date = {2021-02-12},
edition = {1},
publisher = {{Packt Publishing}},
isbn = {978-1-83855-637-2},
language = {en},
pagetotal = {398}
}
@book{book:shostack:threat-modeling-designing:2014,
title = {Threat {{Modeling}}: {{Designing}} for {{Security}}},
shorttitle = {Threat Modeling},
author = {Shostack, Adam},
date = {2014-04-17},
publisher = {{Wiley}},
location = {{Indianapolis, IN}},
isbn = {978-1-118-80999-0},
language = {en},
pagetotal = {624},
keywords = {Computer networks,Computer networks / Security measures,Computer security,Computer software,Computer software / Development,Computersicherheit,Development,Security measures,Software Engineering}
}
@book{book:tarandach:threat-modeling-practical:2020,
title = {Threat Modeling: {{A}} Practical Guide for Development Teams},
shorttitle = {Threat Modeling},
author = {Tarandach, Izar and Coles, Matthew J.},
date = {2020-11-24},
edition = {1},
publisher = {{O'Reilly Media, Inc.}},
url = {https://www.oreilly.com/library/view/threat-modeling/9781492056546/},
isbn = {978-1-4920-5655-3},
language = {en},
pagetotal = {252}
}
@book{book:ucedavelez:risk-centric-threat:2015,
title = {Risk {{Centric Threat Modeling}}: {{Process}} for {{Attack Simulation}} and {{Threat Analysis}}},
shorttitle = {Risk {{Centric Threat Modeling}}},
author = {UcedaVélez, Tony and Morana, Marco M.},
date = {2015-05-15},
edition = {1},
publisher = {{John Wiley \& Sons, Inc}},
location = {{Hoboken, New Jersey, USA}},
doi = {10.1002/9781118988374},
url = {http://doi.wiley.com/10.1002/9781118988374},
urldate = {2023-03-11},
isbn = {978-1-118-98837-4},
language = {en},
pagetotal = {693}
}
@incollection{booksection:alsmadi:cyber-threat-analysis:2019,
title = {Cyber {{Threat Analysis}}},
booktitle = {The {{NICE Cyber Security Framework}}: {{Cyber Security Intelligence}} and {{Analytics}}},
author = {Alsmadi, Izzat},
date = {2019-01-24},
edition = {1},
pages = {205--242},
publisher = {{Springer International Publishing}},
location = {{San Antonio, TX, USA}},
doi = {10.1007/978-3-030-02360-7_9},
url = {http://link.springer.com/10.1007/978-3-030-02360-7_9},
isbn = {978-3-030-02360-7},
language = {en}
}
@inproceedings{conferencepaper:aksu:quantitative-cvssbased-cyber:2017,
title = {A Quantitative {{CVSS-based}} Cyber Security Risk Assessment Methodology for {{IT}} Systems},
booktitle = {2017 {{International Carnahan Conference}} on {{Security Technology}} ({{ICCST}})},
author = {Aksu, M. Ugur and Dilek, M. Hadi and Tatli, E. Islam and Bicakci, Kemal and Dirik, H. Ibrahim and Demirezen, M. Umut and Aykir, Tayfun},
date = {2017-10},
publisher = {{IEEE}},
location = {{Madrid, Spain}},
doi = {10.1109/CCST.2017.8167819},
url = {http://ieeexplore.ieee.org/document/8167819/},
urldate = {2023-01-02},
eventtitle = {2017 {{International Carnahan Conference}} on {{Security Technology}} ({{ICCST}})},
isbn = {978-1-5386-1585-0},
language = {en}
}
@inproceedings{conferencepaper:datta:cyber-threat-analysis:2017,
title = {Cyber {{Threat Analysis Framework}} for the {{Wind Energy Based Power System}}},
booktitle = {Proceedings of the 2017 {{Workshop}} on {{Cyber-Physical Systems Security}} and {{PrivaCy}}},
author = {Datta, Amarjit and Rahman, Mohammad Ashiqur},
date = {2017-11-03},
pages = {81--92},
publisher = {{Association for Computing Machinery}},
location = {{Dallas Texas USA}},
doi = {10.1145/3140241.3140247},
url = {https://dl.acm.org/doi/10.1145/3140241.3140247},
eventtitle = {{{CCS}} '17: 2017 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
isbn = {978-1-4503-5394-6},
language = {en}
}
@inproceedings{conferencepaper:khan:stridebased-threat-modeling:2017,
title = {{{STRIDE-based}} Threat Modeling for Cyber-Physical Systems},
booktitle = {2017 {{IEEE PES Innovative Smart Grid Technologies Conference Europe}} ({{ISGT-Europe}})},
author = {Khan, Rafiullah and McLaughlin, Kieran and Laverty, David and Sezer, Sakir},
date = {2017-09},
publisher = {{IEEE}},
location = {{Turin, Italy}},
doi = {10.1109/ISGTEurope.2017.8260283},
url = {http://ieeexplore.ieee.org/document/8260283/},
urldate = {2023-03-10},
eventtitle = {2017 {{IEEE PES Innovative Smart Grid Technologies Conference Europe}} ({{ISGT-Europe}})},
isbn = {978-1-5386-1953-7},
language = {en}
}
@inproceedings{conferencepaper:naagas:threatdriven-approach-modeling:2018,
title = {A {{Threat-Driven Approach}} to {{Modeling}} a {{Campus Network Security}}},
booktitle = {Proceedings of the 6th {{International Conference}} on {{Communications}} and {{Broadband Networking}}},
author = {Naagas, Marlon A. and Palaoag, Thelma D.},
date = {2018-02-24},
pages = {6--12},
publisher = {{ACM}},
location = {{Singapore Singapore}},
doi = {10.1145/3193092.3193096},
url = {https://dl.acm.org/doi/10.1145/3193092.3193096},
eventtitle = {{{ICCBN}} 2018: {{The}} 6th {{International Conference}} on {{Communications}} and {{Broadband Networking}}},
isbn = {978-1-4503-6360-0},
language = {en}
}
@inproceedings{conferencepaper:ruffy:stridebased-security-architecture:2016,
title = {A {{STRIDE-based Security Architecture}} for {{Software-Defined Networking}}},
booktitle = {Proceedings of the {{Fifteenth International Conference}} on {{Networks}}},
author = {Ruffy, Fabian and Hommel, Wolfgang and family=Eye, given=Felix, prefix=von, useprefix=true},
date = {2016-02},
pages = {95--101},
publisher = {{IARIA}},
location = {{Lisbon, Portugal}},
url = {https://www.ruffy.eu/papers/ruffy_icn2016.pdf},
urldate = {2022-12-12},
eventtitle = {{{ICN}} 2016 - {{The Fifteenth International Conference}} on {{Networks}}},
isbn = {978-1-61208-450-3},
language = {en}
}
@inproceedings{conferencepaper:seale:meddevrisk-risk-analysis:2018,
title = {{{MedDevRisk}}: {{Risk Analysis Methodology}} for {{Networked Medical Devices}}},
author = {Seale, Katherine A. and McDonald, Jeffrey Todd and Glisson, William B. and Pardue, J. Harold and Jacobs, Michael B.},
date = {2018-01},
location = {{Hilton Waikoloa Village, HI}},
doi = {10.24251/HICSS.2018.414},
url = {http://hdl.handle.net/10125/50302},
urldate = {2022-12-02},
eventtitle = {51st {{Hawaii International Conference}} on {{System Sciences}} ({{HICSS-51}})},
isbn = {978-0-9981331-1-9},
language = {en}
}
@inproceedings{conferencepaper:sion:sparta-security-privacy:2018,
title = {{{SPARTA}}: {{Security}} \& {{Privacy Architecture Through Risk-Driven Threat Assessment}}},
shorttitle = {{{SPARTA}}},
booktitle = {2018 {{IEEE International Conference}} on {{Software Architecture Companion}} ({{ICSA-C}})},
author = {Sion, Laurens and Van Landuyt, Dimitri and Yskout, Koen and Joosen, Wouter},
date = {2018-04},
pages = {89--92},
publisher = {{IEEE}},
location = {{Seattle, WA}},
doi = {10.1109/ICSA-C.2018.00032},
url = {https://ieeexplore.ieee.org/document/8432187/},
urldate = {2023-03-03},
eventtitle = {2018 {{IEEE International Conference}} on {{Software Architecture Companion}} ({{ICSA-C}})},
isbn = {978-1-5386-6585-5},
language = {en}
}
@inproceedings{conferencepaper:tuma:two-architectural-threat:2018,
title = {Two {{Architectural Threat Analysis Techniques Compared}}},
booktitle = {Software {{Architecture}}},
author = {Tuma, Katja and Scandariato, Riccardo},
editor = {Cuesta, Carlos E. and Garlan, David and Pérez, Jennifer},
date = {2018},
volume = {11048},
pages = {347--363},
publisher = {{Springer International Publishing}},
location = {{Madrid, Spain}},
doi = {10.1007/978-3-030-00761-4_23},
url = {http://link.springer.com/10.1007/978-3-030-00761-4_23},
urldate = {2023-03-09},
eventtitle = {European {{Conference}} on {{Software Architecture}}},
isbn = {978-3-030-00760-7 978-3-030-00761-4},
language = {en}
}
@inproceedings{conferencepaper:wuyts:linddun-go-lightweight:2020,
title = {{{LINDDUN GO}}: {{A Lightweight Approach}} to {{Privacy Threat Modeling}}},
shorttitle = {{{LINDDUN GO}}},
booktitle = {2020 {{IEEE European Symposium}} on {{Security}} and {{Privacy Workshops}} ({{EuroS}}\&{{PW}})},
author = {Wuyts, Kim and Sion, Laurens and Joosen, Wouter},
date = {2020-09},
pages = {302--309},
publisher = {{IEEE}},
location = {{Genoa, Italy}},
doi = {10.1109/EuroSPW51379.2020.00047},
url = {https://ieeexplore.ieee.org/document/9229757/},
urldate = {2023-03-03},
eventtitle = {2020 {{IEEE European Symposium}} on {{Security}} and {{Privacy Workshops}} ({{EuroS}}\&{{PW}})},
isbn = {978-1-72818-597-2},
language = {en}
}
@misc{document:kohnfelder:threats-our-products:1999,
title = {The Threats to Our Products},
shorttitle = {The Threats to Our Products},
author = {Kohnfelder, Loren and Garg, Praerit},
date = {1999-04-01},
publisher = {{Microsoft}},
url = {https://shostack.org/files/microsoft/The-Threats-To-Our-Products.docx},
urldate = {2022-11-01},
language = {en}
}
@article{journalarticle:bernsmed:adopting-threat-modelling:2022,
title = {Adopting Threat Modelling in Agile Software Development Projects},
author = {Bernsmed, Karin and Cruzes, Daniela Soares and Jaatun, Martin Gilje and Iovan, Monica},
date = {2022-01},
journaltitle = {Journal of Systems and Software},
volume = {183},
issn = {01641212},
doi = {10.1016/j.jss.2021.111090},
url = {https://linkinghub.elsevier.com/retrieve/pii/S0164121221001874},
language = {en}
}
@article{journalarticle:garg:fuzzy-logic-approach:2011,
title = {Fuzzy {{Logic Approach}} for {{Threat Prioritization}} in {{Agile Security Framework}} Using {{DREAD Model}}},
author = {Garg, Sonia and Singhal, Archana and Banati, Hema},
date = {2011},
journaltitle = {IJCSI International Journal of Computer Science Issues},
volume = {8},
number = {4},
pages = {182--190},
issn = {1694-0814},
doi = {10.48550/arXiv.1312.6836},
url = {https://arxiv.org/abs/1312.6836},
urldate = {2023-03-03},
language = {en},
keywords = {Computer Science - Software Engineering}
}
@article{journalarticle:hutchins:intelligencedriven-computer-network:2011,
title = {Intelligence-{{Driven Computer Network Defense Informed}} by {{Analysis}} of {{Adversary Campaigns}} and {{Intrusion Kill Chains}}},
author = {Hutchins, Eric Michael and Cloppert, Michael J. and Amin, Rohan M.},
date = {2011-01},
url = {https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf},
urldate = {2023-02-10},
language = {en}
}
@article{journalarticle:khalil:threat-modeling-cyberphysical:2023,
title = {Threat {{Modeling}} of {{Cyber-Physical Systems}} - {{A Case Study}} of a {{Microgrid System}}},
author = {Khalil, Shaymaa Mamdouh and Bahsi, Hayretdin and Dola, Henry Ochieng’ and Korõtko, Tarmo and McLaughlin, Kieran and Kotkas, Vahur},
date = {2023-01},
journaltitle = {Computers \& Security},
volume = {124},
issn = {0167-4048},
doi = {10.1016/j.cose.2022.102950},
url = {https://linkinghub.elsevier.com/retrieve/pii/S016740482200342X},
language = {en}
}
@article{journalarticle:tuma:finding-security-threats:2021,
title = {Finding Security Threats That Matter: {{Two}} Industrial Case Studies},
shorttitle = {Finding Security Threats That Matter},
author = {Tuma, Katja and Sandberg, Christian and Thorsson, Urban and Widman, Mathias and Herpel, Thomas and Scandariato, Riccardo},
date = {2021-09},
journaltitle = {Journal of Systems and Software},
volume = {179},
issn = {01641212},
doi = {10.1016/j.jss.2021.111003},
url = {https://linkinghub.elsevier.com/retrieve/pii/S016412122100100X},
language = {en}
}
@article{journalarticle:wang:vulnerability-risk-assessment:2020,
title = {A {{Vulnerability Risk Assessment Method Based}} on {{Heterogeneous Information Network}}},
author = {Wang, Wenrui and Shi, Fan and Zhang, Min and Xu, Chengxi and Zheng, Jinghua},
date = {2020-08},
journaltitle = {IEEE Access},
volume = {8},
issn = {2169-3536},
doi = {10.1109/ACCESS.2020.3015551},
url = {https://ieeexplore.ieee.org/document/9163374/},
urldate = {2023-01-07},
language = {en}
}
@article{journalarticle:xiong:cyber-security-threat:2022,
title = {Cyber Security Threat Modeling Based on the {{MITRE Enterprise ATT}}\&{{CK Matrix}}},
author = {Xiong, Wenjun and Legrand, Emeline and Åberg, Oscar and Lagerström, Robert},
date = {2022-02-01},
journaltitle = {Software and Systems Modeling},
volume = {21},
number = {1},
pages = {157--177},
issn = {1619-1374},
doi = {10.1007/s10270-021-00898-7},
url = {https://doi.org/10.1007/s10270-021-00898-7},
language = {en}
}
@article{journalarticle:xiong:threat-modeling-systematic:2019,
title = {Threat Modeling – {{A}} Systematic Literature Review},
author = {Xiong, Wenjun and Lagerström, Robert},
date = {2019-07},
journaltitle = {Computers \& Security},
volume = {84},
pages = {53--69},
issn = {01674048},
doi = {10.1016/j.cose.2019.03.010},
url = {https://linkinghub.elsevier.com/retrieve/pii/S0167404818307478},
urldate = {2023-02-15},
language = {en}
}
@report{report:bodeau:cyber-threat-modeling:2018,
type = {Technical Report},
title = {Cyber {{Threat Modeling}}: {{Survey}}, {{Assessment}}, and {{Representative Framework}}},
author = {Bodeau, Deborah J. and McCollum, Catherine D and Fox, David B},
date = {2018-04-07},
number = {18-1174},
institution = {{The Homeland Security Systems Engineering and Development Institute (HSSEDI)™}},
url = {https://www.mitre.org/sites/default/files/2021-11/prs-18-1174-ngci-cyber-threat-modeling.pdf},
urldate = {2022-12-12},
language = {en}
}
@report{report:jointtaskforcetransformationinitiative:guide-conducting-risk:2012a,
title = {Guide for Conducting Risk Assessments},
author = {{Joint Task Force Transformation Initiative}},
date = {2012-09-17},
institution = {{National Institute of Standards and Technology}},
location = {{Gaithersburg, MD}},
url = {https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final},
urldate = {2022-11-15},
language = {en},
keywords = {Cyber threats,FISMA,Guide for Conducting Risk Assessments,Mission impact,NIST Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessments,Rick mitigation,Risk assessment,Risk assessment report,Risk concept,Risk determination,Risk management,Security controls,SP 800-30,SP 800-30 Revision 1,System vulnerabilities}
}
@report{report:mell:common-vulnerability-scoring:2007,
title = {The Common Vulnerability Scoring System ({{CVSS}}) and Its Applicability to Federal Agency Systems},
date = {2007},
number = {NIST Interagency Report 7435},
institution = {{National Institute of Standards and Technology}},
location = {{Gaithersburg, MD}},
doi = {10.6028/NIST.IR.7435},
url = {https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7435.pdf},
urldate = {2023-02-02},
editora = {Mell, Peter and Scarfone, Karen and Romanosky, Sasha},
editoratype = {collaborator},
language = {en}
}
@report{report:muckin:threatdriven-approach-cyber:2019,
type = {White Paper},
title = {A {{Threat-Driven Approach}} to {{Cyber Security}}},
author = {Muckin, Michael and Fitch, Scott C.},
date = {2019},
institution = {{Lockheed Martin Corporation}},
url = {https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Threat-Driven-Approach.pdf},
urldate = {2022-11-15},
language = {en},
keywords = {attack trees,compliance,cybersecurity,security controls,threat and risk,threat intelligence,threat modeling,threat profiles}
}
@report{report:shevchenko:threat-modeling-cyberphysical:2018,
type = {White Paper},
title = {Threat {{Modeling}} for {{Cyber-Physical System-of-Systems}}: {{Methods Evaluation}}},
shorttitle = {Threat {{Modeling}} for {{Cyber-Physical System-of-Systems}}},
author = {Shevchenko, Nataliya and Frye, Brent R. and Woody, Carol},
date = {2018-09},
number = {REV-03.18.2016.0},
institution = {{Software Engineering Institute, Carnegie Mellon University}},
location = {{Pittsburgh, PA}},
url = {https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_526372.pdf},
urldate = {2022-10-03},
language = {en}
}
@report{report:shevchenko:threat-modeling-summary:2018,
type = {White Paper},
title = {Threat {{Modeling}}: {{A Summary}} of {{Available Methods}}},
author = {Shevchenko, Nataliya and Chick, Timothy A and O’Riordan, Paige and Scanlon, Thomas Patrick and Woody, Carol},
date = {2018-07},
institution = {{Software Engineering Institute, Carnegie Mellon University}},
location = {{Pittsburgh, PA}},
url = {https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=524448},
urldate = {2022-10-03},
language = {en}
}
@report{report:singapore:guide-cyber-threat:2021,
title = {Guide to {{Cyber Threat Modelling}}},
author = {family=Singapore, given=CSA, given-i=CSA},
date = {2021-02},
institution = {{CSA Singapore}},
location = {{Singapore}},
url = {https://www.csa.gov.sg/-/media/csa/documents/legislation_supplementary_references/guide-to-cyber-threat-modelling.pdf},
urldate = {2022-11-15},
language = {en}
}
@report{report:souppaya:guide-datacentric-system:2016,
title = {Guide to {{Data-Centric System Threat Modeling}}},
author = {Souppaya, Murugiah and Scarfone, Karen},
date = {2016-03-14},
institution = {{National Institute of Standards and Technology}},
url = {https://csrc.nist.gov/publications/detail/sp/800-154/draft},
urldate = {2022-11-15},
language = {en},
keywords = {data security,DRAFT Special Publication 800-154,Guide to Data-Centric System Threat Modeling,information security,risk assessment,risk management,SP 800-154,threat modeling,threats,vulnerabilities}
}
@report{report:strom:finding-cyber-threats:2017,
type = {Technical Report},
title = {Finding {{Cyber Threats}} with {{ATT}}\&{{CK-Based Analytics}}},
author = {Strom, Blake E. and Battaglia, Joseph A. and Kemmerer, Michael S. and Kupersanin, William and Miller, Douglas P. and Wampler, Craig and Whitley, Sean M. and Wolf, Ross D.},
date = {2017-06},
number = {MTR170202},
institution = {{The MITRE Corporation}},
location = {{Annapolis Junction, MD}},
url = {https://www.mitre.org/sites/default/files/2021-11/16-3713-finding-cyber-threats-with-attack-based-analytics.pdf},
urldate = {2022-11-15},
language = {en}
}
@report{report:strom:mitre-att-ck:2020,
type = {White Paper},
title = {{{MITRE ATT}}\&{{CK}}®: {{Design}} and {{Philosophy}}},
author = {Strom, Blake E and Applebaum, Andy and Miller, Doug P. and Nickels, Kathryn C. and Pennington, Adam G. and Thomas, Cody B.},
date = {2020-03-31},
number = {MP180360R1},
institution = {{The MITRE Corporation}},
location = {{McLean, VA}},
url = {https://www.mitre.org/news-insights/publication/mitre-attck-design-and-philosophy},
urldate = {2022-11-15},
language = {en}
}
@report{report:vonderassen:collaborative-threat-modeling:2022,
type = {IfI Technical Report},
title = {On {{Collaborative Threat Modeling}}},
author = {family=Assen, given=Jan, prefix=von der, useprefix=true and Franco, Muriel F. and Killer, Christian and Scheid, Eder J.},
date = {2022-04},
number = {2022.04},
institution = {{University of Zurich UZH - Department of Informatics IfI}},
location = {{Zurich, Switzerland}},
url = {https://files.ifi.uzh.ch/CSG/staff/vonderassen/extern/publications/IfI-TR-2022_04.pdf},
urldate = {2023-02-20},
language = {en}
}
@report{report:wuyts:linddun-privacy-threat:2015,
type = {Technical Report},
title = {{{LINDDUN Privacy Threat Modeling}}: {{A}} Tutorial},
shorttitle = {{{LINDDUN}} Privacy Threat Modeling},
author = {Wuyts, Kim and Joosen, Wouter},
date = {2015-07},
number = {CW 685},
institution = {{KU Leuven - Department of Computer Science}},
location = {{Leuven, Belgium}},
url = {https://lirias.kuleuven.be/retrieve/331950},
urldate = {2023-03-03},
language = {en}
}
@online{webpage:baker:what-threat-model:2022,
title = {What {{Is}} a {{Threat Model}}},
shorttitle = {Threat {{Modeling}} - {{What}} Is It?},
author = {Baker, Kurt},
date = {2022-09-06},
url = {https://www.crowdstrike.com/cybersecurity-101/threat-modeling/},
urldate = {2023-01-01},
language = {en},
organization = {{Crowdstrike}}
}
@online{webpage:born:wissen-ist-macht:2019,
title = {Wissen ist Macht: So funktioniert die MITRE ATT\&CK Matrix},
shorttitle = {Wissen ist Macht},
author = {Born, Günter},
date = {2019-05-26},
url = {https://www.borncity.com/blog/2019/05/26/wissen-ist-macht-so-funktioniert-die-mitre-attck-matrix/},
urldate = {2023-02-03},
language = {de},
organization = {{Borns IT- und Windows-Blog}}
}
@online{webpage:charles:what-stride-methodology:2022,
type = {Blog},
title = {What Is {{STRIDE Methodology}} in {{Threat Modelling}}?},
author = {Charles, Archer},
date = {2022-05-25},
url = {https://www.koenig-solutions.com/blog/stride-methodology-in-threat-modelling},
urldate = {2023-02-03},
language = {en},
organization = {{STRIDE Methodology in Threat Modelling}}
}
@online{webpage:conklin:threat-modeling-process:,
title = {Threat {{Modeling Process}}},
author = {Conklin, Larry and Drake, Victoria and Strittmatter, Sven},
url = {https://owasp.org/www-community/Threat_Modeling_Process},
urldate = {2023-02-03},
language = {en},
organization = {{OWASP Foundation}}
}
@online{webpage:crowdstrike:what-cyber-kill:2022,
type = {Corporate},
title = {What Is the {{Cyber Kill Chain}}? {{Introduction Guide}}},
shorttitle = {What Is the {{Cyber Kill Chain}}?},
author = {CrowdStrike},
date = {2022-10-14},
url = {https://www.crowdstrike.com/cybersecurity-101/cyber-kill-chain/},
urldate = {2023-03-23},
language = {en},
organization = {{CrowdStrike}}
}
@online{webpage:crowdstrike:what-mitre-attack:2022,
type = {Corporate},
title = {What Is the {{Mitre Attack Framework}}? | {{CrowdStrike}}},
shorttitle = {What Is the {{Mitre Attack Framework}}?},
author = {CrowdStrike},
date = {2022-10-07},
url = {https://www.crowdstrike.com/cybersecurity-101/mitre-attack-framework/},
urldate = {2023-03-21},
language = {en},
organization = {{crowdstrike.com}}
}
@online{webpage:cynance:stride-threat-modelling:2022,
title = {{{STRIDE Threat Modelling}} 6 {{Steps To A Secure Application}}},
author = {Cynance},
date = {2022},
url = {https://www.cynance.co/stride-threat-modelling-6-steps-to-secure-apps/},
urldate = {2023-02-03},
language = {en},
organization = {{Cynance}}
}
@online{webpage:donovan:what-stride-how:2021,
type = {Online news article},
title = {What Is {{STRIDE}} and {{How Does It Anticipate Cyberattacks}}?},
author = {Donovan, Fred},
date = {2021-11-01},
url = {https://securityintelligence.com/articles/what-is-stride-threat-modeling-anticipate-cyberattacks/},
urldate = {2023-02-03},
language = {en},
organization = {{Security Intelligence}}
}
@online{webpage:drake:threat-modeling:,
title = {Threat {{Modeling}}},
author = {Drake, Victoria},
url = {https://owasp.org/www-community/Threat_Modeling},
urldate = {2023-02-03},
language = {en},
organization = {{Owasp.org}}
}
@online{webpage:eccouncil:benefits-performing-threat:2022,
title = {The {{Benefits}} of {{Performing Threat Modeling}} with {{OCTAVE}}},
author = {Eccouncil},
date = {2022-09-04},
url = {https://www.eccouncil.org/cybersecurity-exchange/threat-intelligence/octave-threat-model-benefits/},
urldate = {2023-02-03},
language = {en},
organization = {{Eccouncil.org}}
}
@online{webpage:eccouncil:cyber-threat-modeling:,
title = {Cyber {{Threat Modeling}}},
author = {Eccouncil},
url = {https://www.eccouncil.org/threat-modeling/},
urldate = {2023-02-03},
language = {en-US},
organization = {{Eccouncil.org}}
}
@online{webpage:fass:was-ist-security:2021,
type = {Blog},
title = {Was ist Security Threat Modeling? - Eine Einführung | Cyber Security Blog},
shorttitle = {Was ist Security Threat Modeling?},
author = {Faß, Thomas},
date = {2021-03-01},
url = {https://alter-solutions.de/allgemein/was-ist-security-threat-modeling-eine-einfuehrung/},
urldate = {2023-01-02},
language = {de},
organization = {{Alter Solutions Deutschland GmbH}}
}
@online{webpage:first:cvss-v3-specification:2021,
type = {Corporate},
title = {{{CVSS}} v3.1 {{Specification Document}}},
author = {FIRST},
date = {2021},
url = {https://www.first.org/cvss/v3.1/specification-document},
urldate = {2023-02-03},
language = {en},
organization = {{Common Vulnerability Scoring System Version 3.1}}
}
@online{webpage:flynn:what-are-challenges:2021,
title = {What Are the Challenges Associated with the {{MITRE ATT}}\&{{CK}} Framework?},
shorttitle = {What Are the Challenges Associated with the {{MITRE ATT}}\&{{CK}} Framework?},
author = {Flynn, Shannon},
date = {2021-12-09},
url = {https://www.computerweekly.com/news/252510650/What-are-the-challenges-associated-with-the-MITRE-ATTCK-framework},
urldate = {2023-03-23},
language = {en},
organization = {{ComputerWeekly}}
}
@online{webpage:gael:threat-modeling-which:2022,
title = {Threat Modeling: Which Method Should You Choose for Your Company? ({{Stride}}, {{Dread}}, {{QTMM}}, {{LINDDUN}}, {{PASTA}})},
shorttitle = {Threat Modeling},
author = {Gaël, B.},
date = {2022-04-28},
url = {https://positivethinking.tech/insights/threat-modeling-which-method-should-you-choose-for-your-company-stride-dread-qtmm-linddun-pasta/},
urldate = {2023-02-03},
organization = {{Positive Thinking Company}}
}
@online{webpage:gonzalez:top-threat-modeling:2022,
title = {Top 8 {{Threat Modeling Methodologies}} and {{Techniques}}},
shorttitle = {Top 8 {{Threat Modeling Methodologies}} and {{Techniques}}},
author = {Gonzalez, Cynthia},
date = {2022-02-06},
url = {https://www.exabeam.com/information-security/threat-modeling/},
urldate = {2023-02-01},
language = {en},
organization = {{Exabeam}}
}
@online{webpage:hernan:uncover-security-design:2019,
title = {Uncover {{Security Design Flaws Using The STRIDE Approach}}},
author = {Hernan, Shawn and Lambert, Scott and Ostwald, Tomasz and Shostack, Adam},
date = {2019-07-10},
url = {https://learn.microsoft.com/en-us/archive/msdn-magazine/2006/november/uncover-security-design-flaws-using-the-stride-approach},
urldate = {2023-02-28},
language = {en},
organization = {{MSDN Magazine Issues}}
}
@online{webpage:hewko:challenges-implementing-threat:2021,
title = {3 {{Challenges}} of {{Implementing Threat Modeling}} into Your {{SDLC}}},
author = {Hewko, Alex},
date = {2021-06-10},
url = {https://www.softwaresecured.com/3-challenges-of-implementing-threat-modeling-into-your-sdlc/},
urldate = {2023-01-01},
language = {en},
organization = {{Software Secured}}
}
@online{webpage:hewko:stride-threat-modeling:2021,
title = {{{STRIDE Threat Modeling}}: {{What You Need}} to {{Know}}},
shorttitle = {{{STRIDE Threat Modeling}} | {{What Is It}}?},
author = {Hewko, Alex},
date = {2021-09-02},
url = {https://www.softwaresecured.com/stride-threat-modeling/},
urldate = {2023-02-03},
language = {en},
organization = {{Software Secured}}
}
@online{webpage:hirschmann:threat-modelling-bedrohungsanalyse:,
title = {Threat Modelling – Bedrohungsanalyse – 1. Teil: Einleitung – Geballte Sicherheit},
shorttitle = {Threat Modelling – Bedrohungsanalyse – 1. Teil},
author = {Hirschmann, Bernhard},
url = {https://geballte-sicherheit.de/threat-modelling-bedrohungsanalyse-1-teil-einleitung/},
urldate = {2023-02-01},
language = {de},
organization = {{Geballte Sicherheit}}
}
@online{webpage:koussa:what-threat-modeling:2021,
title = {What {{Is Threat Modeling}} \& {{Why Is It Underestimated}}},
author = {Koussa, Sherif},
date = {2021-02-17},
url = {https://www.softwaresecured.com/what-is-threat-modeling/},
urldate = {2023-01-01},
language = {en},
organization = {{Software Secured}}
}
@online{webpage:loshin:challenges-benefits-using:2019,
title = {Challenges and Benefits of Using the {{Mitre ATT}}\&{{CK}} Framework},
author = {Loshin, Peter},
date = {2019-04},
url = {https://www.techtarget.com/searchsecurity/feature/Challenges-and-benefits-of-using-the-Mitre-ATTCK-framework},
urldate = {2023-03-23},
language = {en},
organization = {{TechTarget | Security}}
}
@online{webpage:luber:was-ist-mitre:2022,
type = {Educational resource},
title = {Was ist das MITRE ATT\&CK Framework?},
author = {Luber, Stefan},
date = {2022-09-28},
url = {https://www.security-insider.de/was-ist-das-mitre-attck-framework-a-99bb9d4fc17ce387f41bf1d7dd2ebed0/},
urldate = {2023-01-03},
language = {de},
organization = {{Security Insider}}
}
@online{webpage:mitre:capec-common-attack:2023,
title = {{{CAPEC}} - {{Common Attack Pattern Enumeration}} and {{Classification}} ({{CAPEC}}™)},
author = {MITRE},
date = {2023-02-23},
url = {https://capec.mitre.org/},
urldate = {2023-03-18},
language = {en},
organization = {{MITRE CAPEC™}}
}
@online{webpage:mitre:cwe-common-weakness:2023,
title = {{{CWE}} - {{Common Weakness Enumeration}}},
author = {MITRE},
date = {2023-02-24},
url = {https://cwe.mitre.org/},
urldate = {2023-03-18},
language = {en},
organization = {{MITRE CWE™}}
}
@online{webpage:mitre:ics-matrix-mitre:2022,
type = {Corporate},
title = {{{ICS Matrix}} | {{MITRE ATT}}\&{{CK}}®},
author = {MITRE},
date = {2022-05-06},
url = {https://attack.mitre.org/versions/v12/matrices/ics/},
urldate = {2023-03-18},
language = {en},
organization = {{Matrix | MITRE ATT\&CK®}}
}
@online{webpage:mitre:mitre-att-ck:2022,
type = {Corporate},
title = {{{MITRE ATT}}\&{{CK}}® {{Matrix}} for {{Enterprise}}},
shorttitle = {{{MITRE ATT}}\&{{CK}}® {{Matrix}}},
author = {MITRE},
date = {2022-11-08},
url = {https://attack.mitre.org/versions/v12/matrices/enterprise/},
urldate = {2023-03-12},
language = {en},
organization = {{MITRE ATT\&CK®}}
}
@online{webpage:mitre:mobile-matrix-mitre:2022,
type = {Corporate},
title = {Mobile {{Matrix}} | {{MITRE ATT}}\&{{CK}}®},
author = {MITRE},
date = {2022-04-06},
url = {https://attack.mitre.org/versions/v12/matrices/mobile/},
urldate = {2023-03-18},
language = {en},
organization = {{Matrix - Mobile | MITRE ATT\&CK®}}
}
@online{webpage:nist:mobile-threat-catalogue:2022,
title = {Mobile {{Threat Catalogue}}},
shorttitle = {Mobile {{Threat Catalogue}}},
author = {NIST},
date = {2022-08},
url = {https://pages.nist.gov/mobile-threat-catalogue/},
urldate = {2023-03-22},
language = {en},
organization = {{NIST | National Institute of Standards and Technology}}
}
@online{webpage:ohlinger:threat-model-analysis:2021,
title = {Threat {{Model Analysis}}},
author = {Ohlinger, Mandi and Sharkey, Kent and Saisang, Cai},
date = {2021-02-02},
url = {https://learn.microsoft.com/en-us/biztalk/core/threat-model-analysis},
urldate = {2023-02-03},
language = {en}
}
@online{webpage:olsen:intelligence-driven-defense:2022,
title = {Intelligence Driven Defense - a Practical Way towards Cyber Resilience},
author = {Olsen, Håkon},
date = {2022-09-21},
url = {https://www.linkedin.com/pulse/intelligence-driven-defense-practical-way-towards-cyber-h%C3%A5kon-olsen/},
urldate = {2022-10-10}
}
@online{webpage:paloaltonetworks:what-mitre-att:2022,
type = {Corporate},
title = {What Is the {{MITRE ATT}}\&{{CK Framework}}?},
author = {PaloAlto Networks},
date = {2022},
url = {https://www.paloaltonetworks.com/cyberpedia/what-is-mitre-attack-framework},
urldate = {2023-03-21},
language = {en-US},
organization = {{Palo Alto Networks}}
}
@online{webpage:schonschek:cyber-kill-chain:2017,
type = {Educational resource},
title = {Cyber Kill Chain - Grundlagen, Anwendung und Entwicklung},
shorttitle = {Was ist die Lockheed Martin Cyber Kill Chain?},
author = {Schonschek, Oliver and Schmitz, Peter},
date = {2017-05-19},
url = {https://www.security-insider.de/cyber-kill-chain-grundlagen-anwendung-und-entwicklung-a-608017/},
urldate = {2023-03-18},
language = {de},
organization = {{Cyber Kill Chain - Grundlagen, Anwendung und Entwicklung}}
}
@online{webpage:schulman:threat-modeling:,
title = {Threat {{Modeling}}},
author = {Schulman, Robin and Lake, Julia},
url = {https://about.gitlab.com/handbook/security/threat_modeling/},
urldate = {2023-02-03},
language = {en},
organization = {{GitLab}}
}
@online{webpage:shevchenko:evaluating-threatmodeling-methods:2019,
type = {Blog},
title = {Evaluating {{Threat-Modeling Methods}} for {{Cyber-Physical Systems}}},
shorttitle = {Evaluating {{Threat-Modeling Methods}} for {{Cyber-Physical Systems}}},
author = {Shevchenko, Nataliya},
date = {2019-02-04},
url = {https://insights.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/},
urldate = {2022-12-28},
language = {en},
organization = {{SEI Blog}}
}
@online{webpage:shevchenko:threat-modeling-12:2018,
type = {Blog},
title = {Threat {{Modeling}}: 12 {{Available Methods}}},
shorttitle = {Threat {{Modeling}}},
author = {Shevchenko, Nataliya},
date = {2018-12-03},
url = {https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/},
urldate = {2023-02-03},
language = {en},
organization = {{SEI Blog}}
}
@online{webpage:stanger:think-hacker-cybersecurity:2022,
title = {Think {{Like}} a {{Hacker}}: 3 {{Cybersecurity Models Used}} to {{Investigate Intrusions}}},
shorttitle = {Think {{Like}} a {{Hacker}}},
author = {Stanger, James},
date = {2022-06-26},
url = {https://www.comptia.org/blog/think-like-a-hacker-3-cybersecurity-models-used-to-investigate-intrusions},
urldate = {2023-02-03},
language = {en},
organization = {{Comptia.org}}
}
@online{webpage:trellix:what-mitre-att:2021,
type = {Corporate},
title = {What {{Is}} the {{MITRE ATT}}\&{{CK Framework}}? | {{Get}} the 101 {{Guide}} | {{Trellix}}},
shorttitle = {What {{Is}} the {{MITRE ATT}}\&{{CK Framework}}?},
author = {Trellix},
date = {2021},
url = {https://www.trellix.com/en-us/security-awareness/cybersecurity/what-is-mitre-attack-framework.html},
urldate = {2023-03-21},
language = {en}
}
@online{webpage:walkowski:mitre-att-ck:2021,
title = {{{MITRE ATT}}\&{{CK}}: {{What It Is}}, {{How}} It {{Works}}, {{Who Uses It}} and {{Why}}},
shorttitle = {{{MITRE ATT}}\&{{CK}}},
author = {Walkowski, Debbie},
date = {2021-06-10},
url = {https://www.f5.com/labs/learning-center/mitre-attack-what-it-is-how-it-works-who-uses-it-and-why},
urldate = {2023-03-21},
language = {en},
organization = {{F5 Labs}}
}
Your entry
@online{webpage:olsen:intelligence-driven-defense:2022,
title = {Intelligence Driven Defense - a Practical Way towards Cyber Resilience},
author = {Olsen, Hakon},
date = {2022-09-21},
url = {https://www.linkedin.com/pulse/intelligence-driven-defense-practical-way-towards-cyber-h%C3%A5kon-olsen/},
urldate = {2022-10-10}
}breaks our parser because the url contains %.
linits
commented
1 year ago With version 9.7.0 the same bib file is formatted correctly without problems.
jlelong
commented
1 year ago Can you try to remove the % in the url and check that calling the formatter from the command palette works?
jlelong
commented
1 year ago OK, I have found the issue with %. This is caused by #3748. The stripComments function removes everything after `%, which breaks the file syntax.
--EDIT-- I confirm the whole issue is about %. Removing the % makes both format on save and manual formatting work as expected.
linits
commented
1 year ago webpage:olsen:intelligence-driven-defense:2022
If I remove this entry with the % in the url, the formatting works as expected again.
Thank you.
jlelong
commented
1 year ago @James-Yu I am not really sure how to reconcile this issue with #3748.
The simplest approach is to require a space after % for considering it as a comment sign.
I think this issue may also occur in LaTeX files.
James-Yu
commented
1 year ago jlelong
commented
1 year ago I have no better idea. This is actually quite tricky.
Pre-checks*
Environment*
The Issue*
Reproduction Steps
Expected Behavior
Logs
LaTeX Workshop Output*
Developer Tools Console
Additional Details
After the update, the Bibtex format looks like this
With 9.7.0 the formatting looks like this: