Octotrike.org
Home Docs Tools Papers Talks Contact
¤ Trike

Trike is an open source threat modeling methodology and tool. The project began in 2006 as an attempt to improve the efficiency and effectiveness of existing threat modeling methodologies, and is being actively used and developed.

There have been three versions of the Trike methodology:

  • Version 1 is documented in a white paper. Highlights include automatic threat generation at the requirements level and automatic generation of attack trees.
  • Version 1.5 is partially documented in the help spreadsheet for the version 1.5 implementation. It is an interim bridge between version 1 and version 2. Highlights include improved automatic threat generation at the requirements level, security objectives, the complete absence of threat trees, and HAZOP analysis.
  • Version 2 is a yet-to-be-documented superset of version 1.5. Additional highlights include semi-automatic threat generation at the architectural level and attack chaining. Version 2 is under active development. Most of our more recent talks give previews of different portions of the version 2 methodology.
  • There have been several different Trike tools; for the full scoop, see our tools page.



Octopus

News

31 Jul 2012
Brenda Larcom will be presenting a half-day tutorial on using the current Trike spreadsheet to write security objectives at IEEE RE 2012, September 25 in Chicago, IL.

1 Jul 2012
First official spreadsheet release, 1.5.06.

1 Jul 2012
New SVN and web site organization to support parallel development of the standalone and spreadsheet tools.

Thanks

SourceForge.net Logo

Copyright © 2004-2008 Brenda Larcom, Eleanor Saitta, and Stephanie Smith. Copyright © 2009-2012 Brenda Larcom and Eleanor Saitta. All rights reserved.