split out into suits

[jgadsden]

Hello @adamshostack we are thinking of ways to link to the EoP card deck from the OWASP tool Threat Dragon.

TD suggests STRIDE when adding threats to the data flow diagram, and one idea is that when one of STRIDE categories is suggested by TD, then the default description could have a link to the specific EoP suit (so for example if it is Repudiation then we could link to the EoP Repudiation suit). An issue has been raised with TD on this https://github.com/OWASP/threat-dragon-core/issues/25 .

This is not really practical at the moment because if I understand correctly we can link to the pdf with all suits, but not to the individual suit. Linking to a single pdf with all suits will probably be too wide a focus for the users of TD. Could this repo provide the suits split out individually?

It may be that eventually the threat engine in TD could be more sophisticated and suggest a subset of a suit ... but that is some time away :-)

[adamshostack]

So do you want the card images, or the data? I think the .yaml might be the most flexible integration point - you could style and present the data with a lot more control than pulling a pdf.

[jgadsden]

Ah, yes, thanks, you make a good point @adamshostack . I was focussing too much on linking over to the card deck, when of course the threat information is accessible in cards.yaml - which can be accessed by TD as and when .

Did you want to close this issue? and thanks again for the clarification

[adamshostack]

I love nothing more than closing issues! :)

And you're welcome!