[Owasp-leaders] UNLEASH THE HOUNDS

Mike Goodwin mike.goodwin at owasp.org
Mon May 15 20:42:41 UTC 2017

Hello Tom,

Thank you for sharing this - it was an interesting read. On the subject of
threat modeling tools, you might be interested to know I am working on an
OWASP incubator project to deliver a cross platform threat modeling tool
that should meet many of the requirements your working group listed. It's
called Threat Dragon <https://www.owasp.org/index.php/OWASP_Threat_Dragon>.
It has an online web app variant
<https://github.com/mike-goodwin/owasp-threat-dragon> with a working
deployment <https://threatdragon.org> in sync with the master branch
and an installable desktop variant
<https://github.com/mike-goodwin/owasp-threat-dragon-desktop> based on
Electron. The desktop variant is new and a little rough around the edges
(e.g. I'm not regularly building an OSX version yet). The major
development of the project is a threat generation engine. The current one
is just a stub.

I would be very interested to get your feedback on the project, or that of
any of the other authors of the SAFECode threat modeling paper. It was quite
instructive that you, as an active OWASP member, were not aware of this
project. It just goes to remind me I need to lift my head up from the code
and speak to people about it a lot more ☺

Best regards,


On 15 May 2017 at 21:01, Tom Brennan - OWASP <tomb at owasp.org> wrote:

> Worked on a project last year led by the late Howard Schmidt
> <https://en.wikipedia.org/wiki/Howard_Schmidt> with SAFECode (a
> non-profit) <http://www.safecode.org> here are the fruits of that labor.
> *Managing Security Risks Inherent in the Use of Third-party Components*
> The use of third-party components (TPCs), including open source software
> (OSS) or commercial off-the-shelf (COTS) components, has become the de facto
> standard in software development. This paper breaks down the process and
> procedures developers need in order to test, improve, and quantify the
> security of third party components.
> https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TPC_Whitepaper.pdf
> *Tactical Threat Modeling*
> Threat modeling, a key technique for architecting and designing systems
> securely, is a method that many SAFECode members employ. This paper
> leverages SAFECode members’ insights to offer effective ways to better
> integrate threat modeling and provides a great resource for organizations
> that are looking to integrate threat modeling into their own development
> processes and teams.
> https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf
> *FREE Online Training*
> https://training.safecode.org/courses
> All of the collaborators are easy to find online if you have any questions.
> @brennantom <http://www.twitter.com/brennantom>

*Mike Goodwin*
OWASP Newcastle UK Chapter Leader
OWASP Threat Dragon Project Leader