[15596] in cryptography@c2.net mail archive
Re: threat modelling tool by Microsoft?
daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Thu Jun 10 08:42:41 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
Date: Thu, 10 Jun 2004 01:02:56 -0700
----- Original Message -----
From: "Ian Grigg" <iang@systemics.com>
Subject: threat modelling tool by Microsoft?
> Has anyone tried out the threat modelling tool
> mentioned in the link below, or reviewed the
> book out this month:
>
> http://aeble.dyndns.org/blogs/Security/archives/000419.php
I played with it for a bit, short story: it crashed. Long version: it feel
very clunky, and lacking in features. The output isn't very pretty either,
and rather difficult to understand. Additionally, although it can find users
easily (in fact it already does this) it doesn't import them without manual
intervention. With a large userlist though I suspect that the user listing
interface would become rather unusable.
With that said, for a small installation it should be fairly usable, and
certainly better than nothing. For a large installation though or a
situation where depth of security analysis is necessary it will probably
become unwieldly, and it seems likely to collapse under it's own weight.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
