Update v6a6-1-1

@samuelsenior samuelsenior released this 21 Jun 10:46
· 4 commits to 6a since this release
98f31fc

In this release:

  • Refactored software vulnerability discovery: added a new behaviour, 'Vulnerability Discovered', for Host and Process assets; recast the CVSS v2 related threats as secondary threats caused by this new behaviour and removed their control strategies; and added new threats that cause the Vulnerability Discovered behaviour, with the mentioned controls included on them. This reduces the number of software vulnerability TWAs affected by threats addressed by software patching and related controls. system-modeller does not yet do this, but the change allows a potential future update to system-modeller to filter out irrelevant asset-behaviour-threat-CSG combinations and reduce the size of risk treatment reports that include software vulnerabilities.
  • Updated the risk lookup table in the domain model, which had become out of date because system-modeller currently ignores it (an update to system-modeller will address this).
  • Improved the user-data interactions to better assert and determine which processes are used to access data, and the resulting correct data flow paths when multiple processes are involved. User-data interactions are now expressed via asserted user-process and process-data relationships rather than user-data relationships, which cannot encode which process is used to access the data. A modelling error has also been added that detects cases where Human-Data interaction relationships have been asserted.