This tool provides a genericised template for producing risk analyses according to a combination of statistical, mathematical and computational heuristics. It is intended to be used by teams wishing to increase awareness of security issues arising from technical debt.
A threat is way of causing damage to a system. A vulnerability is a flaw in the system that makes it possible for a threat to occur. An attack on a system is the realization of a threat through the exploitation of one or more vulnerabilities. The risk of an attack is the probability of that attack to occurs multiplied by its impact.
This tool outputs Markdown-formatted text for flexibility in integration.
For further information refer to company-specific documentation, including frameworks such as the STRIDE, FAIR, attack-tree and DFD models.
Created by Josh Hills for Jagex Games Ltd., using Formio (BSD)