OWASP/OdTM

Is this initiative still active?

Opened this issue · 3 comments

jaxley commented

Haven't seen updates since 2021. I've been looking for uses of ontology to derive threats from descriptions of infrastructure. This one at least derives them from DFDs, but in Threat Dragon format.

yurix commented

Jaxley,
This tool was developed based on research made by Andrei Brazhuk https://scholar.google.com/citations?user=lxR8RLkAAAAJ&hl=pt-BR&oi=sra. No papers released after 2021.

I'm currently researching threat elicitation with recommender system support. A initial proof of concept tool called "Threat Copilot" has developed and published in https://github.com/yurix/threatcopilot

[]s

nets4geeks commented

@jaxley, @yurix, nice to meet you.

We are still working on the project. And in 2021 and after it we made some contributions, in particular:

If the interest still existed to our work, we could discuss in any form. my email is andrew. brazhuk (at) gmail. com

@yurix, the Threat Copilot seems to be a promising project. Is there its description on English?

yurix commented

@nets4geeks, hi!

Recently i have published a paper about the tool:

Abstract. Secure software development processes aim to ensure that products
can operate effectively even in the face of attacks. One relevant activity in a
secure development lifecycle is identifying security flaws proactively through
threat modeling. Various threat modeling methods have been proposed in both
industry and academic research. Despite this, integrating this activity into de-
velopment teams has not been straightforward. This paper introduces a tool
named ”Threat Copilot”, which is a knowledge-based recommendation system.
Its purpose is to identify threats by comparing them to pre-existing threat models
within an organization. Preliminary results indicate that the tool can be useful
in facilitating threat elicitation.