OWASP
Add accepted, transfered, avoided status for threats
Describe what problem your feature request solves: For each threat, we can select status "N/A", "Open", "Mitigated". According to most standards/publications, risk treatment options include accept, mitigate, avoid, transfer.
Describe the solution you'd like: Add 3 more options for threat status:
- accepted
- transferred
- avoided
Additional context:
Transferred and accepted are mentioned in the three-tier demo model (postgres process), but only as free text in the mitigations field, while the status is "mitigated".
This is a good point @kostasadriano , and we could consider TAME (Transfer Avoid Mitigate Evade) as a drop down There is a risk that we could make the threat entry form too 'busy', and so possibly also make the Priority as a drop down instead of radio buttons
This is a good point @kostasadriano , and we could consider TAME (Transfer Avoid Mitigate Evade) as a drop down There is a risk that we could make the threat entry form too 'busy', and so possibly also make the Priority as a drop down instead of radio buttons
First time I've seen it as TAME, the Evade part specifically. Can you post a link?
oops, sorry @kostasadriano it was a bit late in the evening for me - I should have said TAME : Transfer Accept Mitigate Eliminate (or Evade) for the risk management framework. It is handy not to have two 'A's
and thinking on this further, where Threat Dragon says 'Mitigations' this should really read 'Remediations' to take all of MATA / TAME into account