[Owasp-leaders] UNLEASH THE HOUNDS

Tom Brennan - OWASP tomb at owasp.org
Mon May 15 21:02:48 UTC 2017

If you need a place for it to run live as a benefit for OWASP Members
consider what we built at: Virtual Village

On Mon, May 15, 2017 at 4:42 PM, Mike Goodwin <mike.goodwin at owasp.org> wrote:

> Hello Tom,
> Thank you for sharing this - it was an interesting read. On the subject of
> threat modeling tools, you might be interested to know I am working on an
> OWASP incubator project to deliver a cross platform threat modeling tool
> that should meet many of the requirements your working group listed. It's
> called Threat Dragon <https://www.owasp.org/index.php/OWASP_Threat_Dragon>.
> It has an online web app variant
> <https://github.com/mike-goodwin/owasp-threat-dragon> with a working
> deployment <https://threatdragon.org> in sync with the master branch and
> an installable desktop variant
> <https://github.com/mike-goodwin/owasp-threat-dragon-desktop> based on
> Electron. The desktop variant is new and a little rough around the edges
> (e.g. I'm not regularly building an OSX version yet). The major
> development of the project is a threat generation engine. The current one
> is just a stub.
> I would be very interested to get your feedback on the project, or that of
> any of the other authors of the SAFECode threat modeling paper. It was quite
> instructive that you, as an active OWASP member, were not aware of this
> project. It just goes to remind me I need to lift my head up from the code
> and speak to people about it a lot more ☺
> Best regards,
> Mike
> On 15 May 2017 at 21:01, Tom Brennan - OWASP <tomb at owasp.org> wrote:
>> Worked on a project last year led by the late Howard Schmidt
>> <https://en.wikipedia.org/wiki/Howard_Schmidt> with SAFECode (a
>> non-profit) <http://www.safecode.org> here are the fruits of that labor.
>> *Managing Security Risks Inherent in the Use of Third-party Components*
>> The use of third-party components (TPCs), including open source software
>> (OSS) or commercial off-the-shelf (COTS) components, has become de facto
>> standard in software development. This paper breaks down the process and
>> procedures developers need in order to test, improve, and quantify the
>> security of third party components.
>> https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TPC_Whitepaper.pdf
>> *Tactical Threat Modeling*
>> Threat modeling, a key technique for architecting and designing systems
>> securely, is a method that many SAFECode members employ. This paper
>> leverages SAFECode members’ insights to offer effective ways to better
>> integrate threat modeling and provides a great resource for organizations
>> that are looking to integrate threat modeling into their own development
>> processes and teams.
>> https://www.safecode.org/wp-content/uploads/2017/05/SAFECode_TM_Whitepaper.pdf
>> *FREE Online Training*
>> https://training.safecode.org/courses
>> All of the collaborators are easy to find online if you have any
>> questions.
>> @brennantom <http://www.twitter.com/brennantom>
> --
> *Mike Goodwin*
> OWASP Newcastle UK Chapter Leader
> <https://www.owasp.org/index.php/Newcastle>
> OWASP Threat Dragon Project Leader
> <https://github.com/mike-goodwin/owasp-threat-dragon>
> @theblacklabguy