Creating custom reports (aka XSLT files) from the in-box TAM reports - not as easy as I thought

0 views
Skip to first unread message

ParanoidMike

unread,
Aug 16, 2007, 3:59:00 PM8/16/07
to Microsoft Threat Modeling Tools
This is both an FYI and a request for help. I spent quite a while
knocking my head against the wall (lucky my skull's pretty thick),
trying to create a summary report for the management of a project for
which I'd developed a fairly sizeable threat model, using Threat
Analysis and Modeling v2.1.2 (aka TAM).

First thing I learned was that the Reports generated by TAM are
actually generated by XSLT files that process the Threat Model file
that's open in the TAM tool. I was intimidated by the cryptic syntax
of XSLT, so I spent a few weeks digging around the 'net, evaluating
different tools that claimed to help with developing XSLT. After an
extremely frustrating evaluation, I came to the conclusion that there
are no "intuitive" tools that provide the kind of "visual design" I'm
used to from Visual Studio.

Stymied from a top-down approach, I made some bottom-up effort, taking
the existing XSLT files that ship with TAM (which are found under
%PROGRAMFILES%\Microsoft Corporation\Microsoft Threat Analysis and
Monitoring\Graphics\Reports ?), and cutting & pasting various elements
to get what I wanted.

That gave me something to work with, but I quickly realized that the
summary data I wanted would only be possible by filtering from among
the Threats that we'd documented. This led me to perhaps my most
frustrating labours so far with TAM (long, ranting discourse found
here: http://paranoidmike.blogspot.com/2007/07/xslt-10-defies-laws-of-physics-sucks.html).

The results of these labours are a still-incomplete Report that was
intended to summarize the Top Ten Threats from any particular threat
model. Pretty much the essential information that any high-level
manager would like to see, but unfortunately I don't have a good idea
how to resolve the issue.

If any of you are interested in the gory details of the XSLT & XPath
tribulations in trying to develop this, and/or you think you might
know of a way to work around the problem, please have a look at the
usenet discussion here:
http://groups.google.com/group/microsoft.public.xsl/browse_thread/thread/f3af4340991740e5

All thoughts, sympathies or feedback are welcome - I'm sure no expert
at this stuff, just stubbornly persistent - some would say beyond the
point of reason ;)

Cheers, Mike

Reply all
Reply to author
Forward
0 new messages