Custom report: Risks Breakdown.xslt
ParanoidMike
significant sets of data for the reader:
1. Table summarizing the #s of Threats by Category (confidentiality,
integrity, availability) and by Response (Accept, Avoid, Reduce,
Transfer).
2. Table summarizing the #s of "Critical" Threats by category &
response -- where "critical" means a Risk Rating of 6 - 9 (on the 1-9
scale).
3. Tables documenting the Threats that have not been Mitigated (i.e.
whose Risk Response != "Reduce").
This is a report that I will put in front of management to show them
(a) how much work we've done in (1) & (2), and then give them an
opportunity to examine the things we propose not mitigating and *why*.
Unfortunately, I have at least one major bug in this report: I cannot
figure out how to populate the tables in (3).
You're welcome to try this yourself, and to leverage the work I've
done so far. If anyone has any idea how to fix the bug(s) that my
report still has, please let me know and/or just upload a fixed
version of the file. Any contributions are welcome.
Have a look in http://groups.google.com/group/microsoft-threat-modeling-tools/files
for the "Risks Breakdown.xslt" file.
P.S. I will be refactoring this XSLT file to create a number of XSL
"templates", and try to reduce the amount of duplicated XSL and
Javascript I'm using. [Expedience first, elegance second.]