search

OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0
902 stars 244 forks source link

Can the first screen copy be improved? #602

Closed ChristopherHackett closed 1 year ago

ChristopherHackett commented 1 year ago

This is the the first text the user sees when they have decided to launch the tool

Threat Dragon is an open-source threat modeling tool from OWASP. It can be used as a standalone desktop app for Windows, MacOS and Linux or as a web application. Use the desktop application without if you do not want it to access your GitHub repos, and if you choose the online version you get to unleash the awesome power of GitHub on your threat models! To do this you need to log in first.

It focuses on technical details of the implementation rather than: a. orientating the user, and/or b. setting out the capabilities of the tool

There is also a possible typo, should without be throughout?

It would seem there is scope to improve this copy. I can propose an alternative but before doing so would like to know more about:

  1. what type of users are expected to read the copy
  2. what should be communicated to them
  3. should the text be contextual (first time launch, type of deployment they are accessing etc)
jgadsden commented 1 year ago

Hello @ChristopherHackett I must admit I am quite emotionally attached to this wording, it is little changed from Mike Goodwin's original - a bit of history I guess Having said that ... it definitely needs changing and now is the time. Something like this?

OWASP Threat Dragon is a free, open-source, cross-platform application for creating threat models. Use it to draw threat modeling diagrams and to identify threats for your system. It is easily accessible for various types of teams, with an emphasis on flexibility and simplicity.

jgadsden commented 1 year ago

The version 2.0 release is very very close - just waiting on the Windows code signing certificate We can get this wording changed for version 2.0 if we agree on it over this weekend

jgadsden commented 1 year ago

I have created a pull-request with suggested wording "OWASP Threat Dragon is a free, open-source, cross-platform application for creating threat models. Use it to draw threat modeling diagrams and to identify threats for your system. With an emphasis on flexibility and simplicity it is easily accessible for all types of uses."

This is just a suggestion, please improve the text contents @ChristopherHackett