I’d like to see the ability to either directly capture threat model information (including STRIDE) as part of the automation record in Automation Hub, and/or integration with tools like ThreatModeler.
Threat modeling is becoming more and more a part of day-to-day business, and to help provide both insight and visibility by security and operations, having a place within the automation lifecycle to capture and mature threat models would greatly enhance the overall solution.
@georgekoch3 just to clarify, are you referring to capturing threat models for the automations that are being built and tracked inside Automation Hub, or for the underlying processes on top of which the automations are built? Let us know.
That’s essentially it. If you think about threat models in terms of the Golden Path: https://engineering.atspotify.com/2020/08/how-we-use-golden-paths-to-solve-fragmentation-in-our-software-ecosystem/, the details of a threat model are similar if not duplicative to what is generated as part of process discovery and solution design. What we are thinking about automating and how we are thinking about going about doing it are critical aspects of threat models.
Today, there isn’t a good way to incorporate that into the automation lifecycle process. I’d like to see something in Automation Hub that would allow teams to integrate with tools like ThreatModeler.