Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is this initiative still active? #1

Open
jaxley opened this issue Sep 6, 2023 · 3 comments
Open

Is this initiative still active? #1

jaxley opened this issue Sep 6, 2023 · 3 comments

Comments

@jaxley
Copy link

jaxley commented Sep 6, 2023

Haven't seen updates since 2021. I've been looking for uses of ontology to derive threats from descriptions of infrastructure. This one at least derives them from DFDs, but in Threat Dragon format.
@yurix
Copy link

yurix commented Sep 14, 2023

Jaxley,
This tool was developed based on research made by Andrei Brazhuk https://scholar.google.com/citations?user=lxR8RLkAAAAJ&hl=pt-BR&oi=sra. No papers released after 2021.

I'm currently researching threat elicitation with recommender system support. A initial proof of concept tool called "Threat Copilot" has developed and published in https://github.com/yurix/threatcopilot

[]s

@nets4geeks
Copy link
Collaborator

nets4geeks commented Sep 26, 2023
edited
Loading

@jaxley, @yurix, nice to meet you.

We are still working on the project. And in 2021 and after it we made some contributions, in particular:

If the interest still existed to our work, we could discuss in any form. my email is andrew. brazhuk (at) gmail. com

@yurix, the Threat Copilot seems to be a promising project. Is there its description on English?

@yurix
Copy link

yurix commented Oct 11, 2023

@nets4geeks, hi!

Recently i have published a paper about the tool:

Abstract. Secure software development processes aim to ensure that products
can operate effectively even in the face of attacks. One relevant activity in a
secure development lifecycle is identifying security flaws proactively through
threat modeling. Various threat modeling methods have been proposed in both
industry and academic research. Despite this, integrating this activity into de-
velopment teams has not been straightforward. This paper introduces a tool
named ”Threat Copilot”, which is a knowledge-based recommendation system.
Its purpose is to identify threats by comparing them to pre-existing threat models
within an organization. Preliminary results indicate that the tool can be useful
in facilitating threat elicitation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yurix @jaxley @nets4geeks