There are open source alternatives that are pretty good, like for example FreeMind:http://freemind.sourceforge.net/wiki/index.php/Main_PageAlthough not specifically designed to model attack trees, FreeMind can be used for exactly that purpose. I have used it many times in the past to create comprehensive threat models for a wide variety of application domains.
Thanks for the comment. Anyways, the point was the hilarous comment about they being able to predict the 9/11 attack :).I'm personally no fan of attack trees anyways :).
Agreed, the specific example is at the very least stupid. But generally attack trees are an interesting modelling methodology.
Threat modelling your applications sounds like a good idea...however creating attack trees in order to predict 73rr0 attacks and falling towers..coooome on! Worst thing is that the example probably brought a couple leads..
Post a Comment