Spyderisk

Risk assessment and risk modeling tool

Welcome to the Spyderisk Open Project on GitHub

Complex socio-technical computer systems are too vast and intricate for any human to understand. In a large airport, or a global social networking app, or many other modern systems, there is a lot more than just technology involved, as illustrated here:

Socio-technical systems framework [1]

Each of these influences is constantly changing, and is a complex system in its own right. How can anyone predict if such a system can be trusted, or what its effects could be on our daily lives? Society is rightly concerned, and Spyderisk is our response to this concern.

The Spyderisk Open Project Strategy explains our aim to:

Revolutionise understanding of the trustworthiness of socio-technical systems by establishing an international Open Community supporting the research, development, use and support of open, effective, and accessible risk assessment methods, knowledge and tools.

The Spyderisk Open Project started in 2023, building on 15 years of history in risk assessment.

All our work is published and maintained under open licenses - software source code, ontologies, domain model database, online training, documentation, and academic papers. The Spyderisk Open Project was founded by the University of Southampton in England, but we welcome all collaborators and contributors. You can contact us via the spyderisk-dev list.

Who is Spyderisk for?

At present, in 2024, Spyderisk is for people who are familiar with the field of risk assessment, such as risk researchers, academics, ethicists or policymakers.

The Spyderisk Open Project focusses on:

  • the ethics of risk assessment
  • ontologies of harm, risk and misbehaviour
  • mathematical modelling of risk assessment
  • software tools to calculate risk in models of complex systems

While the Spyderisk software currently takes some technical knowledge to run, as we make clear in our guide for Spyderisk System Modeller contributors, anyone passionate about risk assessment can likely find a way to get involved. Even explaining what risk assessment is about is a skill, and if you have that skill we would love to hear from you.

Our introductory online course Cybersecurity Risk Assessment & Modelling: Core Principles is a good place to start for those who are not already in the field of risk assessment.

What is Spyderisk?

Spyderisk is for assessing risk in complex socio-technical systems. By complex systems we mean "systems of systems that humans are unable to fully understand, debug or predict, typically socio-technical-physical systems." In other words, humans build critical systems that are unknowable, and so we need to apply mathematics to delineate the risks in these unknowable systems.

"Socio-technical" relates to the interconnectedness of the modern world. Social aspects include legal and policy requirements and aspects of human psychology, while technical components include information technology networks and machine learning/artificial intelligence. This also includes physical systems such as handheld devices, train station information zones, and human guards at country frontier checkpoints. Put together, these kinds of complex systems decide our everyday privacy, the safety of our medical records, and whether airports function smoothly and safely.

The Spyderisk team has written many papers and reports related to risk assessment, including some of the first on ontological approaches to concepts such as biomedical burden and cybersecurity aspects of systems composed of IoT systems. Spyderisk starts from an ontological approach although end users of the Spyderisk software do not require an understanding of ontology.

As of mid-2024, the Spyderisk software is in early release, fully available but only working in quite specific circumstances. To get a feel for what the software can do once it is running, the course Getting Hands on with Spyderisk explains how to model systems using the Spyderisk software.

If you are a researcher in the area of risk modelling including ontologies of risk, or if you have a specific problem domain you need to examine (particularly in cybersecurity or privacy) then you are already part of our community and Spyderisk could be for you.

The Spyderisk GitHub repositories

There are many repositories, of which the central four are:

  • Spyderisk System Modeller - the web service software, for people comfortable dealing with computer source code
  • Spyderisk System Modeller Deployment - the tools which allow a user familiar with installing software to get Spyderisk running, either on their own laptop or on cloud servers they own.
  • Spyderisk Adaptor - for users of the Python programming language commonly used in science and academia, who want to do automated risk assessment using the Spyderisk reasoner but from their own code. A running instance of the Spyderisk application has APIs that the Spyderisk Adaptor calls.
  • Spyderisk Domain Network - the most complete and advanced Spyderisk knowledgebase, describing a complex computing/IoT/cloud network in very general terms such as "server computer" or "database". Users of the Spyderisk software can then load in this model and use it as a palette for drawing their own real-world network in order to explore their particular risk profiles.

Other repositories vary from project administration tools to very specific technical code that operates on Domain Models.

We look forward to seeing you around the risk assessment community.

[1] Image copyright CC-BY-4.0, Heriot-Watt University, A method for predicting malfunctions in socio-Technical systems, DOI 10.1017/dsj.2017.4

Pinned

  1. system-modeller Public

    Spyderisk web service and web client

    Java 4 4

  2. system-modeller-deployment Public

    Deployment scripts for Spyderisk System Modeller

    Shell 1

  3. system-modeller-adaptor Public

    Service sitting in front of the system-modeller, providing additional (sometimes experimental) functionality

    Python

  4. domain-network Public

    Network domain model

    1

Repositories

Showing 10 of 19 repositories
  • system-modeller Public

    Spyderisk web service and web client

    Java 4 4 68 2 Updated Jan 16, 2025
  • tree-sitter-kappa Public

    Tree Sitter grammar for the Kappa Language

    JavaScript 1 Apache-2.0 0 0 0 Updated Dec 19, 2024
  • domain-network Public

    Network domain model

    1 Apache-2.0 0 75 0 Updated Dec 5, 2024
  • c-lsp Public
    Python 0 Apache-2.0 0 0 0 Updated Nov 19, 2024
  • risk-report Public

    Tool to extract information from a system model describing the reasons for the risk levels

    Python 0 Apache-2.0 0 0 0 Updated Nov 5, 2024
  • domain-csv2nq Public

    Convert from domain model CSV source files into NQ artifact

    Python 0 Apache-2.0 0 5 1 Updated Oct 30, 2024
  • domain-csv2doc Public

    Tool to convert from a domain model's CSV serialisation to a documentation website

    HTML 0 0 5 0 Updated Oct 28, 2024
  • .github Public

    Special repo for the Spyderisk Organisation profile

    0 0 1 0 Updated Oct 28, 2024
  • Access-Tool Public

    Tool to create a plain text dump of a Microsoft Access database

    Python 6 2 5 0 Updated Oct 3, 2024
  • system-modeller-deployment Public

    Deployment scripts for Spyderisk System Modeller

    Shell 0 1 8 0 Updated Sep 18, 2024