OWASP/pytm

Use RAAML for threat models

Opened this issue · 3 comments

kuwv commented

Model-Based Systems Engineering (MBSE) typically uses SysML to interconnect models. The Risk Analysis and Assessment Modeling Language (RAAML) specification is a SysML-compliant format that would allow integration with other modeling capabilities such as simulation.

Ideally, one would be able to switch between using PlantUML or SysML, but the latter does more than visualization.

References:
https://www.omg.org/spec/RAAML/1.0/Beta2/About-RAAML
https://github.com/gaphor/gaphor
OWASP/threat-dragon#639
https://www.oreilly.com/library/view/threat-modeling/9781492056546/ch04.html

izar commented

So if I understand you correctly, you are proposing RAAML as an additional output option for pytm?

kuwv commented

@izar yes, as an alternative output format

izar commented

Sounds great! I don't think any of the current collaborators is fluent in RAAML. Is that something you could send a PR for?