none
Tool Crashes when you choose to "Include in next layer". What's the fix? RRS feed

  • Question

  • Tool Crashes when you choose to "Include in next layer". What's going on?

    • Moved by Hengzhe Li Tuesday, June 21, 2011 12:01 PM Forum Consolidate (From:Microsoft Security Development Lifecycle (SDL) - Threat Modeling)
    Monday, January 11, 2010 4:14 AM

Answers

  • Hi Allen,

    This bug has been fixed and will be available in our next release.

    Thanks,

    Bill

    • Proposed as answer by Bill425 Wednesday, September 15, 2010 8:51 PM
    • Marked as answer by Dana Epp [Security MVP] Wednesday, September 15, 2010 8:51 PM
    Wednesday, September 15, 2010 8:50 PM

All replies

  • Allen,

    What does the log file say?
    Wednesday, January 13, 2010 8:17 PM
  • Nothing that is meaningful to me and nothing that suggests an error. That’s why I used the term “crash”, but here is the log for your review:

    SDLTM.exe Information: 0 : TM change notification, SDLTM.UserSettings.Globals, ThreatModelReset
        Timestamp=13882830285
    SDLTM.exe Information: 0 : Creating new default model.
        Timestamp=13882854896
    SDLTM.exe Information: 0 : TM change notification, SDLTM.UI.Analyze.AnalyzeTools, DiagramShapeRefreshRequired
        Timestamp=13893856571
    SDLTM.exe Information: 0 : TM change notification, SDLTM.UI.Analyze.AnalyzeTools, ThreatModelConnectionRefreshRequired
        Timestamp=13893929861
    SDLTM.exe Information: 0 : TM change notification, SDLTM.UI.Model.ModelTools, ThreatModelConnectionRefreshRequired
        Timestamp=13905626601
    SDLTM.exe Information: 0 : TM change notification, SDLTM.UI.Model.ModelTools, DiagramTreeChanged
        Timestamp=13928021826
    SDLTM.exe Information: 0 : TM change notification, SDLTM.UI.Model.ModelTools, ThreatModelConnectionRefreshRequired
        Timestamp=13935792090

    Thursday, January 14, 2010 2:34 AM
  • Hey Allen,

    Can you create a new TM and see if you can repro this? If so... can you email me your file to dana (a) vulscan.com so I can try to repro it here.
    Wednesday, January 27, 2010 11:11 PM
  • OK, so when I was at Microsoft we went through several bugs and triaged them with the lead developer.

    We are hoping for a build by the end of the summer that should address this bug as well as several others reported by the community.

    Friday, April 2, 2010 5:48 AM
  • Allen:  I know this is very late to add any input here; I hope you did not take up this offer from Dana Epp.  I can't say much more than this or I end up violating the code of ethics which I agreed to when using this website.

    As for me, I have no input to your question.  I looked to see what responses you had received.

    Tuesday, April 13, 2010 12:49 AM
  • Don’t understand the social dynamics here, but the app has a major flaw limiting its usefulness and it appears those that are suppose to help are more concerned about what each other knows than resolving the problem.

    Tuesday, April 13, 2010 3:01 AM
  • I don't understand your comment. What offer did I make that Allen isn't supposed to follow up on? Why is your first post you ever made in the forums a criticism of a request I made of Allen to test out the model back in January?

    If you have something to contribute that is contradictory to what I have said, we are all ears. I am not sure what ethics you are breaching by NOT helping the community if you have something constructive to say.

    Please clarify yourself. The floor is yours.

     

    Tuesday, April 13, 2010 4:21 AM
  • I don't understand your comment. What offer did I make that Allen isn't supposed to follow up on? Why is your first post you ever made in the forums a criticism of a request I made of Allen to test out the model back in January?

    If you have something to contribute that is contradictory to what I have said, we are all ears. I am not sure what ethics you are breaching by NOT helping the community if you have something constructive to say.

    Please clarify yourself. The floor is yours.

     

    Tuesday, April 13, 2010 4:21 AM
  • I'm not sure what the social dynamics you are referring to come in. You have found a bug which I personally reported to Microsoft and got feedback on when we could expect a fix. They have triaged the bug and scheduled the fix to be released in the next version, due out at the end of the summer, which I reported back to you after I talked to the team at Microsoft.

    What more were you expecting? Microsoft is making this tool available FOR FREE to the community, and allocated resources to it as available. The SDLTM works extremely well; I am sorry you find it "limiting" in how you complete threat models. However hundreds of threat models have been used using this tool successfully. Hopefully you can continue to find value in the tool until it can be fixed to your satisfaction.

    Tuesday, April 13, 2010 4:28 AM
  • I expect it to work… At least the major features and for you to mark your own post as the “Answer” (over 2 months later) and then imply my expectation is unreasonable because the product is “FREE” really rubs me the wrong way. And, it appears I might not be the first.

    You seem to forget that nothing is really “FREE” if you have to invest your own time to learn to use it or in this case troubleshoot a bug. Often something more expensive is cheaper to use.

    Tuesday, April 13, 2010 1:33 PM
  • Allen-

    I'm working on getting someone from the SDL team on the hook to help you out here, I'm sorry it's taken a while to get a good answer, but hopefully we'll have something help ready shortly.

    Regards,
    Arjuna Shunn
    Trustworthy Computing

    Friday, June 18, 2010 9:58 PM
  • Good Luck, but thanks for you help.
    • Proposed as answer by Bill425 Wednesday, September 15, 2010 8:49 PM
    Thursday, June 24, 2010 4:05 AM
  • Hi Allen,

    This bug has been fixed and will be available in our next release.

    Thanks,

    Bill

    • Proposed as answer by Bill425 Wednesday, September 15, 2010 8:51 PM
    • Marked as answer by Dana Epp [Security MVP] Wednesday, September 15, 2010 8:51 PM
    Wednesday, September 15, 2010 8:50 PM
  • We have found a work around for this because it was driving us crazy.  First of all, DO NOT right-click on a dataflow element and select I nclude in next laye r from the drop-down menu. That is a sure way to get a app crash on every system we have tried.

    Instead:

    1. Create the Child Diagram by right clicking in the Diagram tree pane
    2. On the main pane, select the dataflow elements you want in the Child Diagram
    3. Use <Ctrl>C to copy them
    4. Navigate to the Child Diagram and then use <Ctrl>V to paste them. At this point your Child Diagram will have elements that are the same as entities as in the Parent. They do not seem to be copies in the threat list or in the reports, but rather separate views of the same elements. For example, if I copy Process123 from the contect diagram to the child diagram, there is only one Process123 in the Reports or in the resulting TM file. For this reason step 5 applies.
    5. IGNORE the suggestion in the help manual "For each data flow element, right-click on the element and select "Do not auto generate threats. " This removes all the threats for those elements from the entire TM. Generally a bad idea IMHO.

    So far this has well worked for us on several projects. Maybe there is an added benefit to using the I nclude in next laye r feature, but since it crashes, we won't know...

    Hope this helps everyone who might get frustrated with an otherwise cool piece of software.

    Eric


    Eric Byres P.Eng Chief Technology Officer Tofino Security Inc. Tel 250 390 1333 | eric@byressecurity.com Makers of Tofino™ | tofinosecurity.com Visit our blog: Practical SCADA Security Follow Eric Byres on Twitter
    • Proposed as answer by Eric B Friday, December 10, 2010 2:30 AM
    Friday, December 10, 2010 2:26 AM