1.3.0

Important Note: The installation path of the Windows Setup changed with version 1.2.1. If you installed any version <= 1.2.0, it is required to uninstall the old app before installing the newer version.

šŸŽ‰ Feature - Protection Goal

  • Introduction of customizable protection goals (e.g. confidentiality, integrity, availability)
  • Protection goals can be defined for attack scenarios (and preconfigured in threat rules, categories, and attack vectors)
  • The impact on protection goals can be separately defined for assets and system threats
  • Risk assessment: automation of impact based on system threat or asset impact

šŸŽ‰ Feature - Risk Assessment

  • Remaining risk: added 'Avoided' state for cases when a feature was removed, for example
  • Risk acceptance level: define risk level for which risk strategy automatically gets set to 'Accept'
  • Risk strategy: show explanation of the different stategies
  • Remaining risk: adopt values from risk
  • Threat rule and attack vector: define value for each metric of a risk assessment method
  • Define affected assets of an attack scenario

šŸŽ‰ Feature - Component Improvements

  • Software/Process component: define target (device, app) and initial state
  • Conditional threat questions: define rule to decide whether a question is applicable
  • Questions that do not apply can optionally be hidden or grayed out

šŸŽ‰ Feature - Checklist Improvements

  • Define target type (device, app) to automate setting 'Not relevant' (e.g. app has no physical diagnostic interfaces)
  • Possibility to define complex rule
  • Checklist requirements can be linked to threat rules, attack vectors, and control

šŸŽ‰ Feature - Support of MITRE EMB3Dā„¢

  • Support of the MITRE EMB3Dā„¢ library
  • Library entries can be assigned to attack vectors similiar to CAPEC

šŸŽ‰ Feature - Others

  • Project meta data update: version history, participants, history
  • Hyperlinks: add hyperlinks to an object (Ctrl+K)
  • Notes for diagrams
  • Keyboard shortcuts overview (accessible via help)
  • New keyboard shortcuts (e.g. Control+B to toggle the side bar, Ctrl+L to switch language)
  • Report configuration: save configuration in project instead of locally
  • Bug report: add screenshot
  • Example projects/configurations may be provided by emgarde.de

1.2.1

šŸ› Bug Fix

  • Report generation: Max. Value
  • Report/Dashboard: Undefined scale description
  • Undefined behaviour after opening file changes dialog
  • Assets View: undefined global assets
  • Minor bug fixes (progress spinner in tables, color of color-picker)

1.2.0

šŸŽ‰ Feature - Create LaTeX Report

  • Download text report as LaTeX sources
  • Zip file contains .tex file along with a img folder including all images

šŸ“ƒ Report

  • Shows the default risk method
  • Content update (risk assessment, checklist)
  • Style update

šŸŽ‰ Feature - Others

  • Checklist: linked attack scenarios, filter for level
  • Risk assessment: automation of threat actor likelihood
  • CVSS: define default version (3.1 or 4.0)
  • Threat generation: deactivate rule via context menu
  • Risk overview: show tags
  • Option to skip project change detection to increase performance (activatable via project settings)

šŸ› Bug Fix

  • Minor bug fixes (asset view, stack view, CVE search, project update)

1.1.3

šŸ› Bug Fix

  • Incomplete risk data
  • Provide more details in bug report

1.1.2

šŸ› Bug Fix

  • GitLab: show and restore commits
  • Create default charts in new project
  • Risk table save visible columns
  • Reload file button disabled for imported files
  • Minor bug fixes in project tree

1.1.1

šŸ› Bug Fix

  • Consistency check includes configuration of risk metrics
  • Configuration: delete risk metric
  • Configuration: generate risk metric table

1.1.0

šŸŽ‰ Feature - Upgrade of Assumptions & Constraints

  • Upgrade of Assumptions & Constraints (ACs) to referenceable and numberable object
  • Moved from 'Characterization & Scope' to separate view in project tree
  • Added definitions to automate risk assessment, allowing to predefine a value for any metric
  • ACs can be referenced in risk assessment and automatically set the predefined value

šŸ› Bug Fix

  • Checklist: hide accept/reject buttons if no update is available
  • GitLab authentication: catch error
  • Minor bug fix in MessagesService

1.0.0

šŸŽ‰ Feature - Risk Assessment

  • This version introduces a new customizable risk assessment:
  • Custom scales (e.g. Low, Medium, High)
  • Determination of used scale for existing properties such as system threat impact or data sensitivity
  • Custom risk metrics (e.g. risk = likelihood x impact)
  • Definition of rules to automatically determine the risk
  • Multiple custom risk methods
  • Support of CVSS 4.0
  • Remaining risk can be assigned to attack scenarios

šŸŽ‰ Feature - Checklist (IEC 62443-4-2)

  • Extended checklists to full feature (multiple customizable states, export in report)
  • Checklist: linked countermeasures, export to CSV/Excel

šŸŽ‰ Feature - GitLab Support

  • Support of GitLab repositories, including self-managed instances
  • Save file in beautiful JSON to improve merging (option, activatable via project settings)

šŸŽ‰ Feature - Dashboard

  • Configuration of the shown charts in Dashboard
  • Dashboard and Risk Overview: shown columns in attack scenario table can be selected

šŸŽ‰ Feature - Others

  • Project Tree: possibility to create groups for diagrams, devices, and apps
  • Possibility to send a bug report that includes versions and log/error messages

šŸŽØ User Interface

  • General UI update because of framework update (Angular v16)
  • UI improvements on home and login page regarding version control tools
  • Current file name shown in tab/program title

šŸ” License Mechanism

  • A license mechanism is introduced
  • A valid license key is required to use TTModeler Pro (read/write or read-only)
  • An active Internet connection is required to verify floating licenses

šŸ› Bug Fix

  • Windows: A bug in the windows executable threw an error when multiple instances were started
  • Missing countermeasure state in export template
  • Undefined flow anchors in hardware diagram
  • Arrow key usage
  • Deleting Tag

For previous releases see TTModeler on GitHub: https://github.com/SecSimon/TTM/blob/main/CHANGELOG.md