[Suggestion] AssetRisk.privacy

iriusrisk / OpenThreatModel

The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.

Creative Commons Attribution Share Alike 4.0 International

169 stars 13 forks source link

[Suggestion] AssetRisk.privacy #3

Open izar opened 2 years ago

izar commented 2 years ago

Extend AssetRisk to have a privacy attribute so it doesn't need to be conflated with confidentiality and can be explicitly called out.

jgadsden commented 10 months ago

This would be good to have, I agree with @izar that we could extend the schema here:

                    "properties": {
                        "confidentiality": {"type": "number"},
                        "integrity": {"type": "number"},
                        "availability": {"type": "number"},
                        "comment": {"type": ["string", "null"]}
                    }

so that we can support risk in a wider sense than CVSS scores