1.3.0
Important Note: The installation path of the Windows Setup changed with version 1.2.1. If you installed any version <= 1.2.0, you must uninstall the old app before installing the newer version.
Feature - Protection Goal
- Introduction of customizable protection goals (e.g. confidentiality, integrity, availability)
- Protection goals can be defined for attack scenarios (and preconfigured in threat rules, categories, and attack vectors)
- The impact on protection goals can be separately defined for assets and system threats
- Risk assessment: automation of impact based on system threat or asset impact
Feature - Risk Assessment
- Remaining risk: added 'Avoided' state for cases when a feature was removed, for example
- Risk acceptance level: define risk level for which risk strategy automatically gets set to 'Accept'
- Risk strategy: show explanation of the different strategies
- Remaining risk: adopt values from risk
- Threat rule and attack vector: define value for each metric of a risk assessment method
- Define affected assets of an attack scenario
Feature - Component Improvements
- Software/Process component: define target (device, app) and initial state
- Conditional threat questions: define rule to decide whether a question is applicable
- Questions that do not apply can optionally be hidden or grayed out
Feature - Checklist Improvements
- Define target type (device, app) to automate setting 'Not relevant' (e.g. app has no physical diagnostic interfaces)
- Possibility to define complex rules
- Checklist requirements can be linked to threat rules, attack vectors, and controls
Feature - Support of MITRE EMB3D™
- Support of the MITRE EMB3D™ library
- Library entries can be assigned to attack vectors similar to CAPEC
Feature - Others
- Project meta data update: version history, participants, history
- Hyperlinks: add hyperlinks to an object (Ctrl+K)
- Notes for diagrams
- Keyboard shortcuts overview (accessible via help)
- New keyboard shortcuts (e.g. Ctrl+B to toggle the side bar, Ctrl+L to switch language)
- Report configuration: save configuration in project instead of locally
- Bug report: add screenshot
- Example projects/configurations may be provided by emgarde.de
1.2.1
Bug Fix
- Report generation: Max. Value
- Report/Dashboard: Undefined scale description
- Undefined behaviour after opening file changes dialog
- Assets View: undefined global assets
- Minor bug fixes (progress spinner in tables, color of color-picker)
1.2.0
Feature - Create LaTeX Report
- Download text report as LaTeX sources
- Zip file contains .tex file along with an img folder including all images
Report
- Shows the default risk method
- Content update (risk assessment, checklist)
- Style update
Feature - Others
- Checklist: linked attack scenarios, filter for level
- Risk assessment: automation of threat actor likelihood
- CVSS: define default version (3.1 or 4.0)
- Threat generation: deactivate rule via context menu
- Risk overview: show tags
- Option to skip project change detection to increase performance (activatable via project settings)
Bug Fix
- Minor bug fixes (asset view, stack view, CVE search, project update)
1.1.3
Bug Fix
- Incomplete risk data
- Provide more details in bug report
1.1.2
Bug Fix
- GitLab: show and restore commits
- Create default charts in new project
- Risk table: save visible columns
- Reload file button disabled for imported files
- Minor bug fixes in project tree
1.1.1
Bug Fix
- Consistency check includes configuration of risk metrics
- Configuration: delete risk metric
- Configuration: generate risk metric table
1.1.0
Feature - Upgrade of Assumptions & Constraints
- Upgrade of Assumptions & Constraints (ACs) to referenceable and numberable objects
- Moved from 'Characterization & Scope' to separate view in project tree
- Added definitions to automate risk assessment, allowing a value to be predefined for any metric
- ACs can be referenced in risk assessment and automatically set the predefined value
Bug Fix
- Checklist: hide accept/reject buttons if no update is available
- GitLab authentication: catch error
- Minor bug fix in MessagesService
1.0.0
Feature - Risk Assessment
- This version introduces a new customizable risk assessment:
- Custom scales (e.g. Low, Medium, High)
- Determination of used scale for existing properties such as system threat impact or data sensitivity
- Custom risk metrics (e.g. risk = likelihood x impact)
- Definition of rules to automatically determine the risk
- Multiple custom risk methods
- Support of CVSS 4.0
- Remaining risk can be assigned to attack scenarios
Feature - Checklist (IEC 62443-4-2)
- Extended checklists to full feature (multiple customizable states, export in report)
- Checklist: linked countermeasures, export to CSV/Excel
Feature - GitLab Support
- Support of GitLab repositories, including self-managed instances
- Save file in beautified JSON to improve merging (option, activatable via project settings)
Feature - Dashboard
- Configuration of the shown charts in Dashboard
- Dashboard and Risk Overview: shown columns in attack scenario table can be selected
Feature - Others
- Project Tree: possibility to create groups for diagrams, devices, and apps
- Possibility to send a bug report that includes versions and log/error messages
User Interface
- General UI update because of framework update (Angular v16)
- UI improvements on home and login page regarding version control tools
- Current file name shown in tab/program title
License Mechanism
- A license mechanism is introduced
- A valid license key is required to use TTModeler Pro (read/write or read-only)
- An active Internet connection is required to verify floating licenses
Bug Fix
- Windows: A bug in the Windows executable threw an error when multiple instances were started
- Missing countermeasure state in export template
- Undefined flow anchors in hardware diagram
- Arrow key usage
- Deleting Tag
For previous releases see TTModeler on GitHub: https://github.com/SecSimon/TTM/blob/main/CHANGELOG.md