-
Notifications
You must be signed in to change notification settings - Fork 2
Home
The Threat-Vector-Questionnaire is an interactive GUI used to capture the architectural knowledge. This functionality provides the developers with an interactive and easy to use GUI to capture the design knowledge (security patterns as well as technical design decisions) around security architecture of the application.
The goal of the Threat-Vector-Questionnaire was to develop a threat generation module that can leverage software requirements to generate threats. To achieve this goal, we developed a requirements analysis and reasoning module.
The Threat-Vector-Questionnaire uses advanced natural language processing techniques (NLP) to identify requirements with security implication. This capability works with the list of requirements stored in a csv file, then automatically identify security related requirements and based on them generates a set of threats relevant to the application.