- From: Doyle, Bill <wdoyle@mitre.org>
- Date: Tue, 12 Jun 2007 14:40:02 -0400
- To: "Rachna Dhamija" <rachna.public@gmail.com>, <public-wsc-wg@w3.org>
- Message-ID: <518C60F36D5DBC489E91563736BA4B5801814AD8@IMCSRV5.MITRE.ORG>
Sorry for the delay. M2C is that threats due to flaws in code, OS, network or application design should be separated from vulnerabilities due to limitations of the environment itself. Threats due to flaws in code and in use by OS, network, User Agent, GUI are often fixed or due to be fixed by a patch. Since many of the vulnerabilities are out of scope, maybe the WSC WG could decide on a subset of tests that are important and the priority of the tests to run. It could be interesting to see if a specific recommendation enables a user to retain a secure posture in the event of DNS poisoning, but is this the first test that should be run?

Bill D.

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Rachna Dhamija
Sent: Monday, June 04, 2007 7:55 PM
To: public-wsc-wg@w3.org
Subject: ACTION 215: Revisit threat trees

It would be helpful if people could look over the threat trees before or during the next call: http://www.w3.org/2006/WSC/wiki/ThreatTrees

I modified the tree to add some attacks that are in scope but were not reflected. One source of confusion was that the section previously labeled "site-impersonation attacks" only listed techniques to lure users to the wrong website (e.g., sending a link in email), rather than site-impersonation attacks themselves (e.g., chrome spoofing). Luring and site-impersonation attacks are now in separate sections. If you disagree with anything here, please edit the wiki!

As we discussed at the F2F, we still need to:

- determine how to integrate threats with the use cases (Rachna and Johnathan think that use cases and threats are independent and don't need to be integrated. Tlr may disagree).
- add references to evidence of actual attacks and vulnerability databases (as suggested by Stephen F and seconded by Rachna)
- add any missing attacks (so far, only Yngve has reviewed and added attacks)
- make the terminology more formal and distinguish vulnerabilities, risks, threats and exploits (as suggested by PHB)
- decide what to do with out-of-scope attacks (include them or not)

I am closing out this action, though I expect that related actions will be assigned during the next call.

Rachna
Received on Tuesday, 12 June 2007 18:40:21 UTC