For exporting/importing files, we will have our own file format to save/load threat models .

• Research into .tm4, Microsoft's Threat Model file format, and learn from how they architected their form. See #4

• Saving
  • Serialization
    • Elements
    • Flows (Connections)
    • Boundaries
  • Download as file
• Loading
  • Deserialization
  • Load from file

• Data Classifications and Security Controls
  • adding
  • editing
    • title
    • type
  • removing
• serialize
• deserialize
• Import more Data Classifications and Security Control options, see #44

Facebook recently announced an initiative to put security threats in a comprehensive database: ThreatExchange.

We could integrate the known threats into our software accordingly for fast detection.

It is more intuitive for the user to have an overlay modal with "New" & "Load" when starting the application instead of travelling on two different pages.

Consider how draw.io does it

jsPlumb supports this, seems relatively easy

https://jsplumbtoolkit.com/doc/zooming.html

Boundaries are going to be a special type of stencil. @Glavin001 and I have discussed and we think a default jsplumb object (with no connectors) will work so long as

• we can resize the element
• we save the top left and bottom right corner

This way any elements that are within the range of the two corners are considered bound

Regarding the "Made with <3 by the Mozilla SeaSponge team" footer on the splash page of the application.

Although it is cute for smaller applications, hackathon ideas, companies, it should be avoided for this project.

Here are reasons that we shouldn't include it:

• A unnecessary distraction to the user
• It is childish for this type application; I understand that you are trying to imply friendliness, but there are other ways

Although I mentioned it before in #24 , @Glavin001 said that we should:

• Keep it due to majority consensus of the group
• Talking about it is a waste of time

Although it is a very small fix, this change will set the stage for the rest of the design choices for the application; we are aiming for a professionally-polished software (both from a software developer and product developer's perspective). Again, it is a small fix, however I really don't think discussing it further is a waste of time.

[Medium] Messages or warnings about the current threat model are shown to the user. Being able to detect problems such as missing connections between elements or forgetting a trust boundary.

There are different stencil types, for instance: OS, Windows, etc we are using tabs. Instead, let's use UI Select 2, which is more intuitive.

• Change title in Element editor
• Title changes and updates js-plumb Element
• Serialization support
• Deserialization support

• Render Icon on Element
• Use icon field for rendering Icon
• Refresh icon on change / loading (deserializing)
• Serialize
• Deserialize

The user will enter notes pertaining to the threat model or software itself. This doesn’t affect diagrams but will be included in the reports.

STRIDE interactions give us insight on potential security flaws within a threat model. The application will generate threats based on these attributes.

Reproduce

1. Load a model
2. File -> New Model
3. Examine Diagram Info

• Save/Load
• Switching diagrams

[Medium] This is the core feature of the application and top priority. We will use jsPlumb, a graph drawing tool, for this task. We will need to extend certain features of jsPlumb to suit our needs. Elements added will each have their own properties that can be edited by the user.

The filerev/usemin is not working properly in renaming the images in the code. A temporary fix has been pushed where it ignores images.

Reproduce

• Select Element
• Click Enter Title field
• Press [Enter]
• Element disappears

Users may wish to have multiple colors in their diagrams to help distinguish things based on their standards. Being able to easily change colors (or palettes) would add customization with an easy implementation.

Steps to reproduce:

• Use Firefox

While JS Plumb and a graphical components load up, a cool spinner animation full-screen overlay would be entertaining.

@Kallada what do you think about this Pull Request workflow (ref #5)? I think we should lay down the law for contributing and coding conventions. Potentially use coffeelint and define a CoffeeScript coding convention based off of Mozilla's JavaScript style guide.

What are everyone's thoughts? Let's start an open discussion here.

• Label
• Tags
• Delete Flow
• Serialize
• Deserialize

[Medium] Users can generate reports based on a threat model and the STRIDE analysis. Types of generated reports include:

• A list of threats and information related to them
• Bugs (user entered) or potential bugs related to the model
• Diagram only
• Analysis of threat model (STRIDE)

The options are all listed in the $scope of the DrawContoller. See https://github.com/mozilla/seasponge/blob/master/app/scripts/controllers/draw.coffee#L71-L82
Simple read from a file and append the new items to their respective arrays. The select fields will automatically show them and allow them to be selected.

/cc #40

Configuring Travis-CI to automatically push the main branch into gh-pages would allow people to use the latest dev copy of the application from the url: http://mozilla.github.io/seasponge/dist/ without us needing to manually push to gh-pages everytime .

@curtisko what is Mozilla's policy on implement (Google) Analytics?

I believe it would be beneficial to track usage and also record events from users to detect what features they are using most, to help us decide the priority of what we should work on next.

Alternatively, we could use Segment.io.

The difficulty of tasks were enclosed by brackets, however it makes a lot more sense to use GitHub labels instead.

Requirements:

• Polished, and professionally crafted & designed
• Look gorgeous/bad-ass and comparable to the logos of past Mozilla projects

Instead of adding another library @Glavin001 and I have discussed it may be better to implement Angular's built in filter/search. I have attempted to do this on this branch however it doesn't seem to be working. Ultimately we are filtering by the stencils title and category

See old issue #27

[Easy] Users can enter mitigations to potential threats generated via STRIDE analysis. These can be mitigations that already exist, and ones that are to be implemented in the future.

[Medium] Users can have many diagrams pertaining to a particular model. Being able to switch between and edit them independently is useful.

Missing feature! 😮

• Delete button in the Element's Properties.

• User entered assumptions to explain context for the project
• Key value pairs [user entered] for assumptions
• Edit Model UI
• Serialize
• Deserialize

This feature entails exporting a generated security report as a HTML/PDF file so that the user can present it or use it for reference.

[Easy] Since this application is entirely client-side, we can make use of local storage to save and load threats.

• Video / Screencast for usage
• Source code commented and documentation generated
• Usage documented in Wiki
• Provide sample .sponge file that showcases features

Dependencies:

• Angular
• CoffeeScript
• jsPlumb

TODO:

• Use generator-angular with --coffee enabled.
  • Convert the JavaScript version of Gruntfile to CoffeeScript with http://js2coffee.org/
• Add jsplumb via Bower.
  • Unit Test verifying that jsplumb is loaded correctly when serving web app
• Write installation and usage instructions in README for other developers
  • Developer documentation, include coding conventions
    • See https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit
    • Developers should make issue branches and submit Pull Requests to be reviewed by the rest of the team. Using Pull Requests is what GitHub uses internally as well.
• Setup Travis CI
  • Travis CI badge
• Add Gitter Badge to README
  
• Generate CHANGELOG
  • Use https://github.com/btford/grunt-conventional-changelog
• Add repository field (and any others) to package.json

We could use machine learning (ML) to create our own STRIDE analysis system.

Both STRIDE and DREAD is a fairly lame heuristic approach for automatically alerting threats. This issue proposes a new way to analyze threats using ML. That is, we would analyze patterns of threats discovered by humans using the application, and create a learning model to send.

Our mechanism would compete with STRIDE analysis and likely be much better than STRIDE analysis being derived from actual human usage.

How would we derive this model? No private data would be taken, for instance if we notice people tend to label 'a "general process" with an authentication scheme isn't using SSL' being a threat - then our model would learn this trend and alert future people with in a same setup.

See https://developer.mozilla.org/en-US/docs/Web/HTML/Using_the_application_cache

Given that we have no server and are using LocalStorage and File API ( #13 ) for loading and saving files, there are no requirements to be online. As long as we specify an HTML5 Manifest file, our web application will work seamlessly even without an Internet connection!

The current most popular tool for threat modeling is the the Microsoft Threat Modelling Tool. This tool uses an XML based format for storing threat models. A user can import threat models that have been created using the Microsoft tool.

[Medium] Users may wish to create or relate to an existing GitHub issue based on potential threats SeaSponge has detected. The Threat Model can be associated to a GitHub repository, so that detected threats can be related to project issues. When corresponding issues are closed they can resolve mitigations in the threat model.

[Easy] The user may want to export an image of the threat model itself for presentation purposes. The user will be able to set the resolution or page size preferences upon export or print. With jsPlumb this should be fairly easy to add.

It has been noted that the Loading/Saving is a little cumbersome.

See https://github.com/mrquincle/jsplumb-example for example.

@Kallada since you are the most familiar with jsPlumb I thought you would like to tackle this initial setup.

Often when drawing you have an element you'd like to reproduce (icon, name, tags, etc) several times on the diagram like processes, users, etc.

Currently you can do this by adding the same stencil multiple times and manually changing the attributes to be the same, but it would be easier if there was a 'copy element' option to facilitate.

[Easy] Users may wish to save their threat models to a cloud service such as Google Drive or Dropbox. Implementing this would require using their API’s and connecting it to SeaSponge.

• Remove Flows
• More generic Stencils
  • Ex: No-relational and SQL Database should just be one Database stencil