Friday, December 10, 2010 3:51 AM
We have been attempting to use the TM tool for a large project and have a number of suggestions that might make this a better tool:
- Assign probability and severity (or some criticality rating scheme) to the Threat Impact records so that they could be sorted. The use case is that we want to know which of our unmitigated threats we need to deal with first. Sure we can use bug track to sort, but what about unmitigated threats? Or sorting inside the tool?
- Let the Analysis windows be sorted or filtered. The use case is that I am working on a child diagram and need to go to the Analysis window. How do I find the elements or threats relevant to that child diagram? I have 82 elements in the total model, but only 6 in the child, but I am stumped how to find them.
- Export the reports or the model into Excel – heck you have them in xml so you are 90% there.
- Add Auto-Save - after three crashes due to the Insert Element in child Diagram bug, you would think I'd learn.
- Display the threat progress status in the diagram
One other suggestion - why not 'open source' this tool? That way the rest of us could try working on these features and you could work on something else.
Finally, I saw in a Sept 15 post by Bill425 that the crash bug was fixed and will be available in your next release. Any idea when the next release is coming out?
Eric Byres P.Eng Chief Technology Officer Tofino Security Inc. Tel 250 390 1333 | email@example.com Makers of Tofino™ | tofinosecurity.com Visit our blog: Practical SCADA Security Follow Eric Byres on Twitter
- Moved by Hengzhe Li Tuesday, June 21, 2011 12:01 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
Thursday, January 06, 2011 9:32 PM
+1 vote in favour of Open Sourcing the tool to allow transparent active development and far more frequent releases.
Tuesday, January 18, 2011 7:21 PM
The new build has just been released as beta v3.1.6. You can download it now at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=a48cccb1-814b-47b6-9d17-1e273f65ae19&displaylang=en.
As for your feature requests, the SDL TM team do read this forum from time to time. I will allow them to chime in on their thoughts if they have something to add. I really like the suggestion about open sourcing the tool.
Thursday, May 05, 2011 8:41 AM
Another +1 vote in favour of Open Sourcing the tool.
In the meantime I would like to add to Eric's list of requests.
6. Add an 'Action' to submit all threats as bugs; on large models it's a right pain to have to manually go through 100's of threats hitting the 'file bug' button.
7. Add the ability to synchronise changes to bugs filed in TFS back to the TM tool, i.e. if I change a threat description in TFS, that change is reflected in the TM model.
Neil Dixley - Development Team Lead - Sage UK
Wednesday, May 11, 2011 5:26 PM (Owner)
Thanks everyone - suggestions on this thread about tool improvements have been noted in our database. We will look into these enhancements as we plan the next major release of the tool.
- Marked As Answer by Ashish Popli (Owner) Wednesday, May 11, 2011 5:28 PM