Long term file format #850
Comments
Threat Model Bill of Materials (TM-BOM) will possibly extend and eventually replace OTM. This is being discussed in 3Q and 4Q 2024.
A notional lifecycle of a TBOM used for a new product or feature:
It is unlikely that any new Threat Dragon file format will follow a Threat Model BOM, so the file format that is exported by pytm is a candidate for this long term format. It is very possible that OTM is also supported, as it is similar to the pytm export format.
One of the missing data options I have right now in Threat Dragon is to add the security controls (mitigations) which have been implemented separately from threats. Looking at both OTM and pytm, those appear to solve that, from my limited understanding.
Describe what problem your feature request solves:
The Threat Dragon file format / JSON schema uses two related but incompatible versions for 1.x and 2.x, and neither of these is a format other tools can use.
Describe the solution you'd like:
Threat Dragon version 3.x should use a standard file format instead of the existing incompatible version 1.x and version 2.x formats.
The Open Threat Model file format has been released and could be considered alongside CycloneDX.
The pytm export format is close to OTM, so it would be ideal if the new file format was compatible with both formats.
Additional context: