The yaml generator for threat assessment according to STRIDE-TRIM.
Each assessment result in a sigle file and should be limited in scope. Typical cope limitations include:
- A single activity, or task related to a solution
- A single part of a solution
- A limited set of an architecture
It is helpful to have an image representing the solution and its threat boundaries, such as a simple architecture drawing.
This generator works in accordance to Adam Shostack EoP card deck, with the addition of the TRIM rules based on F-secure Elevation of Privacy.
This is originally from Fraser Scott's [Alexa implementation] (https://github.com/zeroXten/eop) published under MIT licence.
The Elevation of Privacy card game is published under Creative Commons Attribution 4.0 International license (https://creativecommons.org/licenses/by/4.0/).
The Elevation of Privilege card game is licenced under the Creative Commons Attribution 3.0 International license (http://creativecommons.org/licenses/by/3.0/us/).