Add support for consuming and generating Open Threat Model (OTM) #440
Comments
|
Hello @stevespringett , the Open Threat Model looks an excellent initiative. The way we see it working is that Threat Dragon could read files in either format, and save in both formats. Typical Threat Dragon models are not large, it is a quick and accessible tool, so this could work well |
|
The Open Threat Model is looking very promising and so we should try to get this into the next version of threat dragon, further to the discussion in OTM under a standards body |
|
Update. Matthew McDonald on my team at ServiceNow will be publishing a PR that adds support. He's currently testing round tripping between Threat Dragon and IriusRisk. |
|
Thanks @stevespringett , very good news that this is progressing. I have assigned it to you and feel free to add Matthew McDonald. |
- Enhances the web application interface to allow for the import and export of threat models in the OTM format. - resolves OWASP#440
- Enhances the web application interface to allow for the import and export of threat models in the OTM format. - resolves OWASP#440
|
Thanks for the pull request @mmcdonald4tw, and it will get reviewed this weekend |
Hello. I'd like to be able to both consume and generate OTM from Threat Dragon. On the consumption side, I'd like to be able to open an otm file directly. On the generation side, I'd like to be able to save models in otm format.
The Open Threat Model format is still early in development, but its goals are to standardize how data from threat models are represented, providing interoperability between different systems and tools.
Per the readme:
The text was updated successfully, but these errors were encountered: