OdTM icon indicating copy to clipboard operation
OdTM copied to clipboard

Is this initiative still active?

Open jaxley opened this issue 2 years ago • 3 comments

Haven't seen updates since 2021. I've been looking for uses of ontology to derive threats from descriptions of infrastructure. This one at least derives them from DFDs, but in Threat Dragon format.

jaxley avatar Sep 06 '23 17:09 jaxley

Jaxley, This tool was developed based on research made by Andrei Brazhuk https://scholar.google.com/citations?user=lxR8RLkAAAAJ&hl=pt-BR&oi=sra. No papers released after 2021.

I'm currently researching threat elicitation with recommender system support. A initial proof of concept tool called "Threat Copilot" has developed and published in https://github.com/yurix/threatcopilot

[]s

yurix avatar Sep 14 '23 00:09 yurix

@Jaxley, @Yurix, nice to meet you.

We are still working on the project. And in 2021 and after it we made some contributions, in particular:

If the interest still existed to our work, we could discuss in any form. my email is andrew. brazhuk (at) gmail. com

@Yurix, the Threat Copilot seems to be a promising project. Is there its description on English?

nets4geeks avatar Sep 26 '23 05:09 nets4geeks

@nets4geeks, hi!

Recently i have published a paper about the tool:

Abstract. Secure software development processes aim to ensure that products can operate effectively even in the face of attacks. One relevant activity in a secure development lifecycle is identifying security flaws proactively through threat modeling. Various threat modeling methods have been proposed in both industry and academic research. Despite this, integrating this activity into de- velopment teams has not been straightforward. This paper introduces a tool named ”Threat Copilot”, which is a knowledge-based recommendation system. Its purpose is to identify threats by comparing them to pre-existing threat models within an organization. Preliminary results indicate that the tool can be useful in facilitating threat elicitation.

yurix avatar Oct 11 '23 20:10 yurix