> Is there already a good way to link an ADR Architectural Decision Record with Threat Modeling primitives and considerations?
Awesome-threat-modeling > Tools: https://github.com/hysnsec/awesome-threat-modelling#free-too...
- pytm: https://github.com/izar/pytm
- threatspec has a docstring spec for adding threat modeling annotations to source code: https://threatspec.org/
- OWASP Threat Dragon : https://owasp.org/www-project-threat-dragon/ :
> Threat Dragon supports STRIDE / LINDDUN / CIA / DIE / PLOT4ai, provides modeling diagrams and implements a rule engine to auto-generate threats and their mitigations.
- OWASP Threat Modeling Cheat Sheet > Systems Modeling: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeli...
- https://github.com/dehydr8/elevation-of-privilege:
> An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game
- "Limits to Growth: The 30-Year Update" (2012) by Donella H. Meadows. https://a.co/7MgO0bv
- "Leverage Points: Places to Intervene in a System" (2018) https://news.ycombinator.com/item?id=17781927 & wikipedia links to systems theory
> Is there already a good way to link an ADR Architectural Decision Record with Threat Modeling primitives and considerations?
Awesome-threat-modeling > Tools: https://github.com/hysnsec/awesome-threat-modelling#free-too...
- pytm: https://github.com/izar/pytm
- threatspec has a docstring spec for adding threat modeling annotations to source code: https://threatspec.org/
- OWASP Threat Dragon : https://owasp.org/www-project-threat-dragon/ :
> Threat Dragon supports STRIDE / LINDDUN / CIA / DIE / PLOT4ai, provides modeling diagrams and implements a rule engine to auto-generate threats and their mitigations.
- OWASP Threat Modeling Cheat Sheet > Systems Modeling: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeli...
- https://github.com/dehydr8/elevation-of-privilege:
> An online multiplayer version of the Elevation of Privilege (EoP) threat modeling card game