mailing list archives
Re: Threat Modeling
From: Adrian Wiesmann <awiesmann () swordlord org>
Date: Sat, 22 May 2004 00:37:42 +0200
_However_ I can recommend a software product called CRAMM. I don't know
if you've used it, but basically it's a tool developed by HMG in
The great thing about it, and the reason it costs 4,000 GBP is that it
contains a database of over 3000 threats, vulnerabilities and
IMHO this sounds a little bit overpriced to me, for I guess most of that
information is common knowledge already. Although I do not know that
As mentioned in a post before, one of the goals of the open source
project: Security Officers Management and Analysis Project (www.somap.org)
is to build such a repository containing all the relevant informations.
The database/repository will then be published under an open source
licence (FDL). SOMAP is currently in negotiation with an organisation for
an initial fill (and consecutive bidirectional update) of that repository.
There is not much right now for the project only started. But if anybody
is interested, just drop me a note.