The Problem

I'm sure I'm not the only one who has found Freemind to be a useful tool when building threat models, however it far from perfect. So my thoughts are to identify and implement changes/enhancements/improvements to Freemind that would be it more useful in representing:
  1. System Data - how do we store the essential characteristics of the system under evaluation in some structured yet easy to edit and view from multiple perspectives and levels of abstraction?
  2. Threat/Vulnerability/Countermeasure Data - how can we add threat agents, outcomes, techniques, known/potential vulnerabilities, and countermeasures into the mind map
Automated analysis and reporting is a harder problem that I suggest we ignore until we solve the representation issue.


Here are some examples of what I'm talking about. I'll be adding more as I get them.
  • Browser Attack Tree


    Last updated 11/25/05

    SourceForge Logo