Microsoft Threat Modeling Tool + Threat Mitigation Completion Bar

  • Question

  • Greetings --

    During the analysis phase, where you're reviewing potential threats (using STRIDE), I was wondering if it was possible to fully satisfy the completion bar (e.g. all 4 bars are filled) if you're not interfacing with Team Foundation Server. I know you can click "Certify that there are no threats of this type" and that will mark the bar as fully complete; however, this is often not the case (threats do exist) and I would like a way to document the impact and solution and have the mitigation considered fully complete (with the assumption that I would be manually tracking any work elsewhere).

    The documentation seems to suggest that it's possible to interface with other bug tracking systems; however, I have never seen an example of this.

    Any suggestions?

    Tuesday, February 12, 2013 7:44 PM

Answers

  • Connecting to a bug tracking tool is required to meet your requirements.

    The sample code TFSBug.cs available in C:\Program Files (x86)\Microsoft\SDL Threat Modeling Tool\HelpFiles is intended to be re-written to connect to other bug tracking systems. The code and libraries in step 3 of the build instructions would need to be modified accordingly.

    Wednesday, March 13, 2013 6:58 PM
    Moderator