Category talk:Threat Agent

From OWASP

I can appreciate the attempt made to clarify threats with respect to risk, but a redirection on the wiki from threat to threat agent does not, in my opinion, clarify the most basic concept of threat. The definition of 'threat agent' is distinct from the definition of 'threat'. Agent implies a causative entity and, in the case of the wiki entry, I think has been roughly sketched. What has not been done yet is to define the types of events (the threat) the causative entity (threat agent) brings about. Perhaps a rough workflow of a standard security event (a system compromise) will serve to identify the necessary components that need definition. This may also provide the context needed to keep the definitions from shifting. Here is my previous comment on threat: Category_talk:Threat

Thanks for the comments. You're absolutely right. The intent was not to indicate that 'threat' and 'threat agent' are the same thing. We simply moved the page and it left a redirect behind automatically. I like the idea of creating a model for the 'workflow' or attack-flow or risk-flow or whatever. Can you help us put an article together?