PyTM is an effort to enable developers to create and maintain threat models in a way that is natural for them, using a familiar OO syntax (Python, but should be generic enough to enable any developer with minimal OO experience to use it) to describe a system in terms of its elements and their attributes, in a way that can be easily shared, version-controlled and collaborated on.
That description is a self-enclosed Python script that when run generates diagrams (DFDs and sequence), threats (based on a library of rules) and reports (joining diagrams and threats).
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful.
This program is free software: you can redistribute it and/or modify it under the terms of the MIT License as published by the Massachusetts Institute of Technology. OWASP PyTM and any contributions are Copyright © by the Project Leader(s).
As of November, 2013, the highest priorities for the next 6 months are:
Subsequent Releases will add
Involvement in the development and promotion of Tool Project Template is actively encouraged! You do not have to be a security expert or a programmer to contribute. Some of the ways you can help are as follows:
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc.
Matthew J. Coles