On Friday last week I was sitting in my office with a cappuccino about to get stuck into the e-mails I had received overnight when Rocky Heckman walked over. Apparently Rocky had the same idea but we took the opportunity to have a catch up and talk about some of the stuff we had been working on lately.
Recently Rocky completed a tour of Australia and New Zealand presenting with a number of speakers from Microsoft talking about a wide variety of security related subjects. One of the things that was covered at the Security Interchange events was the new Threat Analysis and Modeling Tool (BETA 2).
Rocky gave me a guided tour of the application and showed me how it can help application teams understand what the potential threats are to their applications and also provide guidance to mitigate thouse threats.
During the course of our discussion we talked about the file format in which Torpedo (the codename for the tool he was showing me) stores its data. Obviously its an XML file which means the data it contains is open for reuse.
When I saw the tool in action I thought that it would be cool if we could somehow upload the data into Team Foundation Server where the development of counter-measures for the generated threats could be tracked. I suggested to Rocky that I could bash together a simple utility that walks the XML file and creates Tasks in a Team Project.
Since Friday night I’ve been spending a few hours here and there putting the tool together and its finally read to be thrown out there for use. The application reads in the *.atmx file and looks for all threats which are set to reduce and all the counter-measures which are flagged for implementation.
Once the Upload button is clicked it connects to Team Foundation Server and creates Tasks for the identified threat and counter-measure combinations, inserting some of the details from Torpedo.
I’ve deployed the application using ClickOnce so you can just go and install it directly from this web-site, and you should be able to get updates automatically as I patch up any issues that people find with it. I’ve tried to tighten up the code to a reasonable level for this release, but I know that there are probably a few usability issues. If you have any comments feel free to leave comments on this post or shoot me an e-mail.