mike-goodwin / owasp-threat-dragon-core

OWASP Threat Dragon core files
Apache License 2.0

Feature request: Clarify color #75

Closed adamshostack closed 4 years ago

adamshostack commented 4 years ago

The sample diagram has some elements (background worker, worker config, etc.) which show in red. It's not clear what red means. (Dashed lines seem to be used for both trust boundaries and out of scope.)

I suggest adding a key, but possibly alternately reducing use of color to address the threat of black & white printing.

jgadsden commented 4 years ago

Hello @adamshostack - good points. The elements are in red when they have unmitigated threats against them. I agree this can be made clear either in a key or more prominently in the documentation.

The colour is useful in the PDF reports, so it would be good to keep this - but I understand that a black and white hardcopy would not have the elements in red ... open to suggestions

adamshostack commented 4 years ago

  1. Print "this diagram depends on color" beneath each diagram with colors. (Possibly make this an option.) Pros: easy. Cons: may be annoying/non-obvious.

  2. Add a warning triangle ⚠️ to each element with unmitigated threats

  3. Add a key/legend which explains "conventions in use."

jgadsden commented 4 years ago

Transferring this issue to repo: https://github.com/mike-goodwin/owasp-threat-dragon-core/issues as this is the main diagram repo for both desktop and web application versions

jgadsden commented 4 years ago

Migrated to new issue in the OWASP area repo: https://github.com/OWASP/threat-dragon-core/issues/6