Latest Update: Version 1.60 Build 1213 - March 15, 2010.
Build 1213 - Download Latest Cumulative Update - March 15, 2010
Build 1213 provides an option to use the results of the Optimized Risk Reduction Plan analysis report as a base line for the Risk Mitigation Simulator tool. The integration between the automatic optimization analysis and the manual risk mitigation simulator, enables analysts to further refine the decisions regarding the right priorities for implementing countermeasures in practical cost effective mitigation plans. Thanks to Laura Wood for raising this idea and for her active participation in development.
Build 1213 is fully compatible with all existing PTA threat models and libraries versions.
If this is your first time with PTA, you are invited to visit our download area and get a full version of the PTA Professional Edition Risk Assessment tool.
If the PTA Risk Assessment tool is already installed on your computer, we strongly recommend that you keep it up-to-date by downloading a free cumulative update with the latest improvements and bug fixes (5MB size; less than 1 minute download time, applicable for previous versions of PTA which are higher than build 1200).
Latest Support Notes :
If you encounter problems when trying to run PTA for the first time after installation:
Please have a look at section 8 in PTA Support & FAQ page which includes a few updated solutions regarding difficulties in running PTA on machines with Office 2007/2003 installed.
How do I know the current version of PTA installed on my computer?
Click the Help | About menu option in PTA main menu. The About dialog displays the current PTA version and build number.
Next Release :
(Scheduled to September 2010)
The forthcoming release will provide advanced export capabilities enabling the transfer of PTA Professional Edition threat models and libraries to external data processing and data mining systems. Beta testers are invited to contact Menachem for details on downloading preliminary versions.
***
The PTA Professional Edition development and debug process is driven by users feedback and requests. In the last two years more than 20 builds have been released with many usability improvements, bug fixes and additional features. Thanks to the community of PTA users world-wide for their constant feedback and continuous support - we'll do our best to make your wishes come true.
Build 1212 - Updated Code Signing Certificate
Build 1212 contains an updated code signing certificate (issued by VeriSign, Inc) that replaces the older certificate which has been expired on 19 December 2009. Users who encountered difficulties in running PTA after this date are invited to download and install the latest cumulative update.
Build 1211 - Enables the display of Local Currency Symbol
Build 1211 enables the display of the local currency symbol in all monetary fields such as countermeasure costs, threat risks and asset values.
Set the currency symbol you wish to be displayed by selecting the appropriate Current format in the Formats tab of the Regional and Language Options dialog (invoked from Window’s Control Panel) and then re-invoke PTA. The selected currency symbol will appear in all relevant data entry screens and reports of PTA.
Note that changing the currency symbol does not affect the value of the monetary fields as kept in the PTA threat model database.
Thanks to Roy Isbell of the De Montfort University and to Maciej Lewandowski of the Control Policy Group for raising and prompting this issue – we hope this feature will be useful to our faithful users worldwide.
Build 1210 - Fix problem in non-English Windows versions
Build 1210 provides a fix to a problem which caused the display of Error 3144 and Error 3346 while running PTA analysis reports when non-English formats are selected in Windows Regional and Language Options. Thanks to Mike Storr of Veraccess for his tip on this issue.
Build 1209 - Introducing the Risk Mitigation Simulator tool
Build 1209 introduces the new Risk Mitigation Simulator tool for simulating the impact of countermeasures implementation on reducing the risk in the system. Using the risk mitigation simulator tool enables analysts to easily refine their proposed mitigation plans and facilitates the decisions regarding the right priorities for implementing countermeasures.
The outcome of a simulation session is the Mitigation Simulator Results report which displays a list of the countermeasures chosen to be simulated by the user and the value of the system's risk if all countermeasures in the list will be implemented. Click the Tools | Mitigation Simulator menu option to activate the tool and read the tool’s help page for the details.
Thank you Harvey for your great contribution in stimulating the risk mitigation simulator concept and for your productive comments during the design and development process. Many thanks also to Alex Richardson, Gregory and K. Megumi for their help in beta testing the tool. Thanks David for the detailed technical feedback you sent us - thank you all.
Build 1209 also includes many UI improvements and better adaptation of the display to 1680 x 1050 screen resolution. In addition, the latest build includes a bug fix which caused, in several scenarios, the display of erroneous value in the 'Already Invested in Mitigation' field of the System's Status screen. Many thanks to Juan, Sylvan, Sahin as well as to A. Agarwal and A. Kasuar of CAT Technologies for their great help in following up with bug reports and handling of support issues - cheers!
Build 1208 - Enable Threat’s Sub Mitigation Plans
Build 1208 introduces a major update to PTA threat's Mitigation Model which adds support in defining several Sub Mitigation Plans for a given threat where each sub mitigation plan has its own set of countermeasures and its own mitigation level. This is a change from the previous mitigation approach, where all countermeasures have to be implemented before the threat is considered to be mitigated. As of build 1208, a reduction in risk could occur when some of the countermeasures are implemented according to the definitions in the Threat’s Sub Mitigation Plans screen (have a look at the new CurrencyRatesWithTMSes.thm file in the Sample Risk Assessment Projects section of the PTA Documents page).
Many thanks to Greg Duval from VTechnologies Pty Ltd and a veteran PTA Qualified Partner for his continuous elaboration of this issue - thanks pal! Also thanks to Jason, Mirit, Efren of MTS-ITS and Rachel Thompson of Flip Hase for their feedback and comments.
In addition, the latest release includes many usability improvements e.g. in assigning countermeasures to threat mitigation plans and marking countermeasures as implemented as well as numerous corrections of GUI problems. As always, many thanks to Juan and Sahin for their help in following up with bug reports and testing.
Build 1207 - Threat's mitigation model - internal Alfa & Beta
Build 1207 includes several internal beta versions distributed to our Qualified Partners and to tens of our brave beta testers :-) who downloaded them from the PTA Beta Downloads page. Thank you all guys and girls for your excellent testing and debugging efforts as well as for your important remarks on GUI and backward compatibility issues. Thanks again for your invaluable contribution to the quality and robustness of this release!
Build 1206 - Revised Reporting System
Build 1206 introduces a revised reporting system which enables better aggregation and sorting of threat model data and analysis results. The new mechanism allows users to define simple Tags Filter queries which filter the data shown in reports according to the tags attached to the threat’s model entities.
Thanks to Andy Baron for his excellent tip on sorting report records at runtime and to Jerry Lee for his great help in defining the tags query UI.
Build 1205 - The Model Completeness self-diagnosis report
Build 1205 introduces the Model Completeness report. The new self-diagnosis report is intended to help in assessing the completeness and robustness of the current PTA threat model. For each of the model's entity types (Threats, Assets, Vulnerabilities and Countermeasures) it displays a table with a checklist of conditions which the entity should fulfill in order to be part of a 'well behaved' threat model.
Thanks to Adi and Pryn for their creative ideas and their great help in the development of the new report. Read more on how to self diagnose your threat model with the new Model Completeness report.
Build 1204 - Fix more Vista issues
Build 1204 contains important GUI bug fixes and solutions to several Vista compatibility issues. As of this built the support for screen resolution of 800 * 600 was omitted in order to enable better organization of threat model entities information in the data entry windows. PTA is best viewed in 1280 * 1024 screen resolution with large font size (120 DPI). Also supported 1280 * 1024 screen resolution with normal font size (96 DPI) and 1024 * 768 screen resolution with normal font size (96 DPI).
In addition, build 1204 contains several usability improvements in the Threat Builder tool - thanks to Laura Wood from Meet Tech for her kind contribution on this issue. Many thanks to Martin for his remarks regarding inaccuracies in the PTA Help documentation (fixed :-) as well as to Pryn and Boris for their help in debug and testing of the PTA Reports system.
Build 1203 - Updated Code Signing Certificate
Build 1203 contains an updated code signing certificate (issued by VeriSign, Inc) that replaces the older certificate which has been expired on 19 December 2007. Users who encountered difficulties in running PTA after this date are urged to download and install the latest cumulative update.
Build 1202 - Compatibility with Windows Vista Ultimate 32 and 64 bit versions
As of build 1202, PTA can run on Windows Vista Ultimate 32 and 64 bit versions. On the Vista 64 bit, PTA is automatically installed under the Program Files (x86) folder.
The updated version contains usability enhancements which tend to improve the 'select from lists' GUI activities by restoring the latest selected entity position in each list. We hope it will increase productivity when building large threat models via the data entry screens. Thanks to Serne Daniele from the University of Wisconsin and to David Benge for raising the issue.
In addition, build 1202 contains important fixes for bugs such as crash of the Status Screen graph displays and the freeze of the Optimized Risk Reduction Plan report configuration screen under Vista - thanks to Steve Lang from NoHow for his published tip on these issues.
Many thanks to Jan Wellergard from Teliasonera and and K. Greenberg from Terminal Desk for their efforts and dedication in debugging installation problems and for their contribution to the PTA Support knowledge base.
Build 1201 - Bug fix in Threat List and Threat Details screens
Build 1201 contains an important bug fix in the Threat List and Threat Details screens which caused, in some scenarios, loss of threat model information when not explicitly saved by user prior to exiting PTA - our thanks to Steve Gilmore from Frontier for his accurate report on this issue.
In addition, build 1201 contains numerous GUI fixes and usability enhancements. Many thanks to Richi, Bruce, Francesco and Axel as well as to hundreds of the PTA Free Program community members who keep sending us their important comments which help us constantly improve PTA. Special thanks to Juan and Sahin for their great help in following up with bug reports and testing.
Build 1200 - Bug fix in ROSI Report
Build 1200 contains a major bug fix in the Mitigation Plans by ROSI report which caused the report to crash when the number of countermeasures in mitigation set exceeded 32 - thanks to Paul Drennon from the Virginia Department of General Services for his note on this issue and for his great help in debuging. The latest fix also corrects a rounding problem which caused inaccuracies in ROSI calculations on large threat models.
Build 1200 also provides substantial performance improvements which reduce the execution time of the Optimized Risk Reduction Plan report on large threat models - thanks to Mark Weiger and NJ Raval for their intensive help on this matter.
In addition, build 1200 contains GUI fixes and usability enhancements which improve paging of large entity lists and navigating between the application's screens. Many thanks to Steve, Mohan, Jason, Jeff, Yan, Govin and Evzen for your contribution and notes.
Build 1199 - Bug fix in import Entities from Text to Library
Build 1199 contains a bug fix and changes in the Import Entities from Text to Library tool - thanks to Eli Moran from Control Policy Group for his instructive remarks.
Build 1199 also provides several GUI fixes and improvements gathered from users by our support team. Thank you Jacob, Claude and Tajeshwar for your notes.
Build 1198 - Bug fix in the report viewer
Build 1198 contains a bug fix in the report viewer which caused a sluggish response time when navigating large scale reports with a few hundred pages. Thanks to Adam Williams of Jayson Group for his note on this issue. Some of the report graphics were improved in order to enhance readability and paging.
Build 1198 also provides revised threat model samples with updated documentation and additional entities. Thanks to Dalya and Yair for their contribution.
Build 1197 - Updated code signing certificate
An updated code signing certificate (issued by VeriSign, Inc) that replaces the older certificate which has expired and was revoked on 16 November 2006. Users who encountered difficulties in running PTA after this date are urged to download and install the latest cumulative update.
Build 1197 also provides a revised Help file with updated documentation and additional FAQ content. Thanks to Greg Duval of the Queensland Dept of Health for drawing our attention to this issue.
Build 1196 - Introduce a new Detailed Countermeasures report
A new Detailed Countermeasures report is introduced. The report presents a list of detailed countermeasures records sorted by the order of their theoretical cost-effectiveness. In addition, the structure of the Documents repository which may contain additional information relevant to the threat analysis entities was enhanced. Up to 999 documents of various types can now be attached to a single entity at any step of the threat analysis process. Many thanks to Alex, Gregory and Ed as well as to all of our devoted users for their continuous contribution to the polishing and improvement of PTA.
Build 1196 also introduces several important UI fixes and usability improvements such as sorting of entity lists according to column fields, improved scrolling and an implementation of an automatic 'behind the scene' backup mechanism of the threat model database.
Important NOTE: the Microsoft STRIDE classification scheme (Spoofing, Tampering, Repudiation, Denial of service and Elevation of privilege) was REMOVED from PTA. These threats' descriptive attributes were found by most of our users to be unpractical for their risk assessment sessions and were not smoothly interlaced with PTA's quantitative approach. Thanks to Naftaly Geffen of KPMG for his instructive remark on this issue.Build 1195 - Introduce the Import Entities from Text to Library tool
A new Import Entities from Text to Library tool for importing data of threat model entities from comma delimited text files. The import text feature enables partial automating of the threat analysis process. Analysts can now combine the output lists of standard pentest tools (such as scanners) with the PTA calculative model. Many thanks to skillz from SecGuru for his excellent description of the penetration testing routines and for his creative comments which have initiated the development of this tool. Read more on mapping PTA along with the penetration testing workflow.
Build 1194 - Display Project File Name in the Application Caption
As of build 1194, the file name of the threat model project is displayed in the caption of the application window instead of the project's name. The full path of the project database file (a thm or a thl file) is displayed in the 'Project Properties' window. Thanks to Omri, Roberto and Jeffrey for their notes - we hope the change will facilitate the management of multiple threat model projects.
Build 1194 also contains some important bug fixes - thanks to Patricia Pollet from Alcatel for sending us detailed bug lists and to Keith Maxon from Ameriquest Mortgage for his help in debugging an annoying installation problem - thank you all for your cooperation and good will.
Build 1193 - Support Annual Rate of Occurrence (ARO)
Threat Probabilities are now presented and entered in a form that is compatible with the classical Annual Rate of Occurrence (ARO) described by Mick Bauer in his excellent article: "Practical Threat Analysis and Risk Management" - again, many thanks to Owen Crow from BMC Software for his remarks on this issue. The update is backwards compatible and will not conflict with your existing threat model projects.
Build 1192 - Fix a Rounding Bug in Calculating VAR
Important bug fix that solves a problem of inaccurate rounding in the calculation of the 'Value At Risk' of threats. The erroneous outcome stands out especially in cases where the difference between assets values is relatively big - many thanks to Owen Crow from BMC Software for pointing this problem to us.
Build 1191 - UI bug fixes
Important UI bug fixes such as screen flickering when browsing through threat model entities and problems in reports viewer resizing. Thanks to Asaff Harel for his help in debugging these issues.
Build 1190 - Add ROSI Support
The new Mitigation Plans by ROSI (Return On Security Investment) report produces a list of mitigation plans sorted by their ROSI value. The ROSI (Return On Security Investment) value for a mitigation plan is a popular quantitative criterion for comparing security solutions. It is defined by the following formula:
(∑Value at Risk * (Mitigation Level/100)) – Mitigation Cost
ROSI = ---------------------------------------------------------------- * 100
Mitigation Cost
∑ - summation over all threats mitigated by the specific mitigation plan
Value at Risk (AKA Risk Exposure or ALE - Annual Loss Expectancy) is the threat’s damage multiplied by the threat's probability which expresses the number of times the threat will materialize per year (ARO).
Mitigation Level is the estimated level (in percents) of mitigation that the threat’s mitigation plan provides.
Mitigation Cost is the cost per year of implementing all countermeasures in the threat’s mitigation plan.
To determine the return on security investment (ROSI) we simply subtract the annual cost of the security mitigation solution from what we expect to lose in a year and present the result in percents. Negative ROSI values imply that the investment in the countermeasures is not well justified from a financial point of view. The processing may take several minutes for threat models with large number of entities.Many thanks to Doug Staubach from Matrix Bancorp for his feedback on this issue.
Build 1189 - System Risk value can exceed system’s Total Assets Value
Fixed a bug in the PTA calculative engine. The value of the System Risk, calculated by summing the risk to each of the system’s assets, is now presented in percents relative to the overall value of all assets. Note that the value can exceed 100%. It is clear that the actual damage to the system’s assets cannot exceed 100%; however, the risk level does not express the actual damage. It reflects the amount of effort that has to be invested in order to mitigate the threats to the system, and since neither the number of threats nor their severity is limited, the risk quantities are no longer limited to 100%.
For the user’s convenience, a marker line indicating the 100% risk level was added to the system risk status history graph.
Build 1188 - No need to define a specific Mitigation Level of each of the countermeasures in a Threat Mitigation Plan
The definition of a threat mitigation plan was slightly changed. It is now defined as “a subset of the recommended countermeasures associated with a threat, which in order to be efficient, has to be implemented as a whole.” A threat mitigation plan is said to be implemented only if all of its countermeasures are implemented.
The change is intended to facilitate the process of defining threat mitigation plans. The user has only to mark a specific countermeasure as included (or not included) in the plan set and is liberated from the burden of deciding upon the specific relative mitigation level of each of the countermeasures as was required in previous builds.
Note that the analyst is still asked to enter the threat’s mitigation level which is the level of the overall mitigation provided by the threat’s mitigation plan to the risk posed by that threat.
Build 1187 - Improved Optimized Risk Reduction Plan report
A new ‘greedy’ algorithm provides improved processing time of the Optimized Risk Reduction Plan report for medium/large threat models. The report produces a recommended sequence of mitigation steps that will reduce the system’s risk to a given target level in the most cost-effective way.
Note that ALL countermeasures in a given step should be implemented in order to achieve the step’s contribution to risk reduction. The contribution of each step in the plan to risk reduction is accurate only if all steps preceding it are implemented. Therefore, in order to achieve the target risk level, all countermeasures in the outcome sequence should be implemented. In case of partial implementation, the optimization should be run again in order to create an updated sequence that reflects the current system status.
Build 1186 - Exclude Threat Model entities from Risk Calculation with one click.
A new Exclude from Calculation feature is applicable for the main threat model entities: assets, vulnerabilities, threats and countermeasures. The analyst can now exclude any entity from the threat model and the risk calculation by just checking the ‘Temporarily Excluded’ checkbox in the details screen of the entity.
The information of excluded entity is kept in the database but is not taken into account in PTA calculations and in the presentation of the threat model entities interrelations. The excluded entity can be easily reactivated by un-checking the ‘Temporarily Excluded’ checkbox. The analyst can take advantage of this feature in simulating what-if scenarios such as ‘Let’s see the impact of the following countermeasures on the risk level of the analyzed system’ etc..
Build 1185 - Revised Help and Documentation
The build provides an improved Help file with links to the updated on-line Documentation section in PTA Technologies web site. Thanks Naama for your dedication in polishing the texts.
Build 1184 - GUI Improvements in Entity Details screens
GUI changes are introduced in main entity details screens (Assets, Vulnerabilities , Threats and Countermeasures) to improve usability and enhance data-entry. Thank you Kami and Russ for the useful comments and recommendations - cheers.
Build 1183 - Omit Support for WIN 98/WIN ME
Support for WIN 98/WIN ME was omitted in order to reduce the PTA installation package size (now smaller in 30%) and decrease download time. PTA is now compatible only with Windows XP + SP2 or higher, Windows 2000 + SP4 + latest rollout updates and Windows Server 2003 + SP1 or higher.
PTA is now best viewed in 1024 * 768 screen resolution with normal font size. Also supported 1280 * 1024 with large fonts and 800 * 600 with normal font size.
Build 1182 - Enhanced Plug-In Security Libraries
As of version 1.41 we added support to managing additional entities types in the Plug-In Security Libraries. Threat model types such as Attacker Types, Entry Points, Tags and Attached Documents were found very productive in enhancing the basic PTA quantitative threat model in real-life risk assessment sessions. Adding the additional types will hopefully improve the portability and usability of the PTA Plug-In security libraries, whose fundamental entities are Assets, Vulnerabilities, Threats and Countermeasures.
Thanks Adi for your help in discussions.
Build 1181 - Change in PTA Database Schema
A major change was introduced to the internal data base scheme in order to enhance performance and calculations. The change is backwards compatible and will not conflict with your existing threat model projects.
Build 1180 - Improved Reports Viewer
The Reports Viewer was enhanced to support Zoom In and Zoom Out of the content of the displayed report.
In addition, a notorious bug which prohibited sending a report as an email attachment via non-English versions of Office Outlook was fixed. Thank you Dimitrios for your help in hitting this problem.
Build 1179 - Revised Countermeasures Cost-Effectiveness report
The revised report produces a list of countermeasures sorted by their theoretical cost-effectiveness, based on the assumption that all countermeasures are (or will be) implemented.
For each countermeasure, the report displays calculative parameters such as cost-effectiveness, implementation cost and the overall mitigation level of the specific countermeasure. It also displays a list of the vulnerabilities mitigated by each countermeasure.Since the assumption that all countermeasures are implemented is, in most cases, not practical, it is recommended to complement the results of the Countermeasures Cost-Effectiveness report with the results of the “Optimized Risk Reduction Plan” report.
Build 1178 - Revised System's Status screen
The System's Status screen now provides direct links for viewing the threat model entities' lists - for viewing the various lists just click on the entities titles on the upper left side of the monitor.
The updated number of records for each entity is displayed on the right side of its title and is automatically updated when adding or removing an entity.
Build 1178 also contains important bug fixes - thanks to Lau Kam Hing Keith from ASTRI for his feedback.
Build 1177 - a new Top Threats by Current Risk report
The new Top Threats by Current Risk report produces a chart of top risk threats, sorted by the order of their current risk level. The threats' names and their risk values in $ are displayed above the chart.
Many thanks to Francis, Adam and Bruno as well as to the many PTA users that share with us their risk assessment experience and insights regarding the future features of PTA.
Build 1176 - Extended support in export of reports data
Build 1176 contains extended support in export of reports data. In addition to the existing support in export to all types of Text Files (txt, csv, tab, asc) and RTF format, PTA reports data can now be exported to Microsoft Excel 5-7 / 97-2007 (XLS), HTML Documents (HTM, HTML) and Snapshot Files (SNP) formats.
Use the ‘Export Report’ button in the report viewer tool bar to select the format and name of the destination export file.Build 1175 - a new Load Entities from Library tool
The new Load Entities from Library tool enables loading threat model entities data from PTA entity libraries into the currently opened PTA project. The PTA Plug-In Security Libraries feature enables security experts to package their knowledge and expertise in customized portable libraries ready for distribution. The load entities mechanism enables a risk assessment project to be easily constructed and tailored to specific business requirements by the customer himself or by a customer working with a consultant.
The open architecture of PTA enables you to easily build your own Plug-In Security Libraries – all you have to do is enter the desired security entities into a PTA threat model and then save it as a library (a thl file). PTA automatically organizes the various entities in standalone lists that can be easily integrated into new or existing analysis projects using the new ‘Load from Library’ tool. You have full control on the nature and the contents of the libraries - they can contain entities that reflect your specific best practices and knowledge as well as partial or full editions of industry standards.
In order to load the entities, simply select the source entity library (usually a thl file) which contains the entities you wish to load to the current project. The library's entities are displayed in lists of Assets, Vulnerabilities, Countermeasures and Threats.
Build 1174 - Introduce the Threat Builder tool
The new Threat Builder tool enables quick composing of threat scenarios and establishing interrelations between threats and their associated assets, vulnerabilities and countermeasures (see Building Threats in the Practical Threat Analysis way for detailed explanation on threat composition).
In addition, a new case study of a real-life risk assessment project of an enterprise call accounting solution was added to the distribution of PTA. The threat model (thm file) and the relevant documents can be downloaded from here: Call Accounting Case Study. Many thanks to Yuval and Danny Lieberman for their great contribution and continuous support.
Build 1173 - Introduce the Optimized Risk Reduction analysis report
The Optimized Risk Reduction Plan report produces a recommended sequence of mitigation steps that will reduce the system's risk to a given target level in the most cost-effective way. Each step in the plan is comprised of countermeasures that should be implemented in order to achieve the step's contribution to risk reduction. Notes:
1. The optimization mechanism starts from the current status of countermeasures implementation - countermeasures marked as 'already implemented' will not be assigned to the proposed risk reduction plan. The processing may take several minutes for systems with large number of entities.
2. If the implementation cost of a countermeasure is not specified, the default cost value is determined as 1$.
3. The target risk level should be between the system's maximal risk and the system's minimal risk levels.
4. All countermeasures in a given step should be implemented in order to achieve the step's contribution to risk reduction.
5. The contribution of each step in the plan to risk reduction is accurate only if all steps preceding it are implemented. Therefore, in order to achieve the target risk level, all countermeasures in the outcome sequence should be implemented. In case of partial implementation, the optimization should be run again in order to create an updated sequence that reflects the current system status.
Build 1172 - Introduce the Tags and Attached Documents entities
The new Tags and Attached Documents entities add descriptive fields and additional information to the threat model. Note: the new entities are not mandatory for the PTA threat model.
Tags are free-text descriptive attributes associated with the threat model entities (assets, threats, vulnerabilities and countermeasures). Tags help the analyst classify the various model entities and improve their comprehensibility.
The documents repository contains additional unstructured information relevant to the threat analysis entities and process. For example: security notes, standards specifications, development ideas, design schemes etc. Documents can be attached to specific model entities at any step of the threat analysis process.
Many thanks to Yuval Hamuz-Cohen from TovTV for his great help in debug and for his inspiring notes regarding GUI issues.
Build 1171 - Add 'Help on Current Screen' option
Important GUI bugs were fixed. In addition, the new Help on Current Screen option provides a context sensitive help window with help topics relevant to the currently opened screen (click the question mark button at the PTA toolbar file).
Thanks to Vadim Agranovich from Yugbank for sending us his comments and to Rocky Heckman from RockyH for his kind encouragement.
Build 1170 - Initial version PTA Professional Edition
Build 1170 is the initial public release of PTA Professional Edition Risk Assessment tool which implements the Risk Calculator quantitative engine of the PTA (Practical Threat Analysis) technology. The tool also implements the PTA threat model database, associates threats and vulnerabilities with business assets and evaluates system risks in monetary terms. PTA Professional Edition is a desktop application that can be downloaded and installed in less than 5 minutes.
Free Program for Students, Researchers and Independent Security Consultants
The PTA Risk Assessment tool is free of charge for students, researchers, software developers and independent security consultants. You may submit your request to participate in our free program by sending us an email with the following registration details:
1) First and Last Name:
2) Address:
3) Phone:
4) Email:
5) Organization / College / University:
6) Job Title / Position / Academic Level:
7) The area of your profession:
As soon as we process your registration details we shall send you an unlock key that enables you to extend the usage period of PTA. Read More>
***