Add Optional "Service-Specific Threat Details" Attribute to Threat Schema #444
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Feature Request
Description of Problem:
The current threat schema effectively captures general information about common threats, but lacks the ability to specify how those threats apply to individual cloud services (e.g., GCP, Azure). As we engage in detailed threat modelling of cloud services, it will becomes increasingly important to document nuances and service-specific considerations related to a threat. The absence of this attribute means these details are either not captured or inconsistently tracked outside the schema, potentially leading to gaps in understanding and mitigation.
Potential Solutions:
Propose adding a new optional attribute to the threat schema called "service_specific_threat_details". This field will allow for service-specific details to be captured when threats are applied to a particular cloud service. It will not be mandatory, maintaining the flexibility of the schema for general use, but will provide a mechanism to store additional detail when needed.
The text was updated successfully, but these errors were encountered: