mal-lang / coreLang

A probabilistic attack simulation language for the (abstract) IT domain
https://mal-lang.org/coreLang/

Design HardwareVulnerabilities to attach to the System asset. #54

Closed andrewbwm closed 2 years ago

andrewbwm commented 2 years ago

We should probably introduce a simple version of hardware vulnerabilities that attach to the System asset.

One concern is if and how we want the unsafe user actions to trigger hardware vulnerabilities. Also, currently unsafe user action on the System asset does not lead to physical access for the vulnerabilities on the Applications running on that System. I chose to implement it this way because I felt it was too broad to have the user trigger hardware flaws, but often the physical access requirement for SoftwareVulnerabilities refers to much more limited unsafe behaviour.

andrewbwm commented 2 years ago

@zeesafza suggested that we may want to implement an attempt to use vulnerability on the System if the Applications running on top are compromised.

andrewbwm commented 2 years ago

Re-evaluate if we want to represent only hardware with the System asset.

andrewbwm commented 2 years ago

The decision was made to rework the System asset into Hardware which is simpler and more cleanly delineates the distinction between software and hardware in coreLang.

The current pull request (#70) containing those changes also introduces HardwareVulnerabilities and addresses the previous comments as well.