[Owasp_cornucopia] Fwd: Corncupia vs EOP

Colin Watson colin.watson at owasp.org
Mon Jul 9 16:39:51 UTC 2018

Hello Amit

Thanks for your interest in OWASP Cornucopia.

As you noted it is based on Microsoft's Elevation of Privilege (EoP) card
game, but while that was developed for threat modelling of Microsoft's
products like SQL Server, Cornucopia is solely focused on web application
threat modelling. So if you are working with web applications, try
Cornucopia first. But you may gain some alternative insights into your
projects following the STRIDE approach of EoP too. Play both!

Regarding the project, the content has gone through a number of iterations,
so the focus more recently has been on promoting it and getting it
translated into other languages. Those are not small tasks in themselves
and we look forward to further updates in due course. The recent work to
complete a French translation has been marvellous, and there is work in
progress for Portuguese and Spanish.



On 9 July 2018 at 16:30, Amit Agarwal <amitmnagarwal at gmail.com> wrote:

> Hi Dario/Colin,
> Thanks for the wonderful project.
> I am a bit confused between the two.
> Which one should be preferred?
> Also I observed, the project has not gone any updates since a year.
> It active or gone dormant ?
> Thanks
> Amit
> _______________________________________________
> Owasp_cornucopia mailing list
> Owasp_cornucopia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp_cornucopia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_cornucopia/attachments/20180709/0e2c1a91/attachment.html>

More information about the Owasp_cornucopia mailing list