Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Threat Modeling
From: Adrian Wiesmann <awiesmann () swordlord org>
Date: Sat, 22 May 2004 00:37:42 +0200

_However_ I can recommend a software product called CRAMM.  I don't know
if you've used it, but basically it's a tool developed by HMG in
 The great thing about it, and the reason it costs 4,000 GBP is that it
contains a database of over 3000 threats, vulnerabilities and

IMHO this sounds a little bit overpriced to me, for I guess most of that
information is common knowledge already. Although I do not know that
specific content.

As mentioned in a post before, one of the goals of the open source
project: Security Officers Management and Analysis Project (www.somap.org)
is to build such a repository containing all the relevant informations.
The database/repository will then be published under an open source
licence (FDL). SOMAP is currently in negotiation with an organisation for
an initial fill (and consecutive bidirectional update) of that repository.
There is not much right now for the project only started. But if anybody
is interested, just drop me a note.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]