pytm icon indicating copy to clipboard operation
pytm copied to clipboard
verified publisher icon izar

Use RAAML for threat models

Open kuwv opened this issue 2 years ago • 3 comments

Model Based Systems Engineering (MBSE) typically uses SysML to interconnect models. The Risk Analysis and Assessment Modeling Language (RAAML) specification is a SysML compliant format that would allow integration with other modeling capabilities such as simulation.

Ideally, one would be able to switch between using PlantUML or SysML but the latter does more than visualization.

References: https://www.omg.org/spec/RAAML/1.0/Beta2/About-RAAML https://github.com/gaphor/gaphor https://github.com/OWASP/threat-dragon/issues/639 https://www.oreilly.com/library/view/threat-modeling/9781492056546/ch04.html

kuwv avatar Apr 19 '23 18:04 kuwv

so if I understand you correctly you are proposing RAAML as an additional output option for pytm?

izar avatar Apr 20 '23 15:04 izar

@izar yes as an alternative output format

kuwv avatar Apr 20 '23 15:04 kuwv

sounds great! I don't think any of the current collaborators is fluent in RAAML, is that something you could send a PR for?

izar avatar Apr 20 '23 15:04 izar