OpenThreatModel icon indicating copy to clipboard operation
OpenThreatModel copied to clipboard

Published 20 hours ago verified publisher icon iriusrisk

[Suggestion] AssetRisk.privacy

Open izar opened this issue 2 years ago • 1 comments

Extend AssetRisk to have a privacy attribute so it doesn't need to be conflated with confidentiality and can be explicitly called out.

izar avatar Mar 08 '22 14:03 izar

This would be good to have, I agree with @izar that we could extend the schema here:

                    "properties": {
                        "confidentiality": {"type": "number"},
                        "integrity": {"type": "number"},
                        "availability": {"type": "number"},
                        "comment": {"type": ["string", "null"]}
                    }

so that we can support risk in a wider sense than CVSS scores

jgadsden avatar Jan 30 '24 12:01 jgadsden