winery

Use hardcoded namespaces for threat modeling

Context and Problem Statement

The threat modeling approach relies on pairs of threats and mitigations. Each “threat” should be referenced by one particular “mitigation”.

Considered Options

• hardcoding the namespaces, default node types and properties.
• dynamic namespaces similar to “pattern namespaces” for threats and mitigations

Decision Outcome

Chosen option: hardcoded namespaces, due to ease of implementation and static nature of the problem

Positive Consequences

In the context of threat modeling multiple different types of threats/mitigations are not necesaary so a minimal base type that carries the required properties (reference) can be used and extended

License

Copyright (c) 2018 Contributors to the Eclipse Foundation

See the NOTICE file(s) distributed with this work for additional information regarding copyright ownership.

This program and the accompanying materials are made available under the terms of the Eclipse Public License 2.0 which is available at http://www.eclipse.org/legal/epl-2.0, or the Apache Software License 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.

SPDX-License-Identifier: EPL-2.0 OR Apache-2.0

This site is open source. Improve this page.