OWASP Threat dragon

[Johan Sydseter]

Hi everyone.

The OWSP Threat Dragon project has been trying for some time to link to each of the eop cards from their tool, but progress has stagnated, could this be an easy win for us?

Reason I am saying this is that I have been dreaming about this for some time.

https://github.com/OWASP/threat-dragon/issues/140

https://github.com/adamshostack/eop/issues/3

My dream would be some form of integration between those tools. Details TBD, but what I would love is if it was possible to open OWSP Threat dragon, creat a threat model, then click on a button and link to and start a new game on copi.owasp.org, then afterwards, go back to the model and link the cards that scored to each of the applicable threats from owasp threat dragon. I know this require quite a bit of work, but I believe it would be a huge step forward for both of the tools. As we have the data for both eop and cornucopia, I believe we are in a unique position.

What do you think? 

Best regards Johan Sydseter

[Grant Ongers (OWASP)]

It is ambitious! How active are the Threat Dragon devs?

--
You received this message because you are subscribed to the Google Groups "Cornucopia Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cornucopia-proj...@owasp.org.
To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/0E8C6950-128B-4761-8619-FE28AC5D49CE%40gmail.com.

--

Grant Ongers Co-Lead | OWASP Cornucopia Project Co-Lead | OWASP OWASP PSCF OWASP Compliance Officer F164 738F 16BF FDBF F0B6 5720 C986 8AF7 5F41 97BE

[johan sydseter]

They are at least answering the posts on Github, besides that, I don't think I would have much trouble contributing if that is the issue. They were talking about a 2.3 release and they released 2.0 last year so I think they are fairly active.

But we have quite a few things on our own backlog as well. So perhaps it would be worth trying to do this in stages and take the opportunity to prepare ourselves for the next stage as well. Would be great if we could discuss all of this in the next quarterly to lay out some plans. 

To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/CADVP%2BdOz1jm62Xz97BH5-hozLXCa044kSzSCsT4LDV87fm4B6Q%40mail.gmail.com.

[Xavier Godard]

Yes, that's definitely a great idea Johan. We could also add a threat to a threat model created in Threat Dragon from copi. There are plenty of possibilities!

Before we can do that we might need to create an actual API so that the database can be accessible from the outside world. Happy to discuss that in our next meeting.

It's definitely a great idea to create some collaboration between both projects.

To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/cornucopia-project/CAN5K%3DKL22BgssyawxkmmX9fbYO3kL62%2BX8XURWvOKw7NyXhOEw%40mail.gmail.com.

[Max Alejandro Gómez Sánchez Vergaray]

Hi guys!! I think that maybe we can use Cornucopia to identify the abuse case modeling and then execute the threat modeling. 

Maybe I can show You how do I use Cornucopia and complement with the threat modeling with a other tool.