izar / pytm

A Pythonic framework for threat modeling


Documentation for attributes

Nathan-Furnal opened this issue · comments

Hi,

I'm reading some of the examples and the code for pytm but there are some attributes where I'm not sure what they correspond to.

For example in the Controls class, there are variables like:

isHardened = varBool(False)
isResilient = varBool(False)
providesConfidentiality = varBool(False)
providesIntegrity = varBool(False)
sanitizesInput = varBool(False)
tracksExecutionFlow = varBool(False)
usesCodeSigning = varBool(False)

I'm not sure what they correspond to. Is it left up to the lib users to define whether the controls are hardened or resilient, for example, or is there some canonical definition I could look up and reference when working with other people?

Thanks for the help =)

It's up to the users. It is also easily extensible, so if there's need the user can add more attributes (PR!).
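One way to make "it's up to the users" workable across a team, as an added illustration that is not pytm's own code: a plain dataclass stands in for pytm's Controls (the library itself is not imported), the definitions text and the hasDependencyPinning control are hypothetical, and threats are kept from being suppressed by a control nobody has defined.

```python
from dataclasses import dataclass
from typing import Callable

# Stand-in for pytm's Controls: the boolean attributes quoted in the issue,
# plus one team-added control (hypothetical) to show how it is extended.
@dataclass
class Controls:
    isHardened: bool = False
    isResilient: bool = False
    providesConfidentiality: bool = False
    providesIntegrity: bool = False
    sanitizesInput: bool = False
    tracksExecutionFlow: bool = False
    usesCodeSigning: bool = False
    hasDependencyPinning: bool = False  # hypothetical, team-specific

# Team-agreed meaning of each control (constructed for this example). A
# control with no entry here must not be able to suppress a threat.
DEFINITIONS = {
    "isHardened": "Host follows the team baseline; unused services removed",
    "sanitizesInput": "External input validated against an allow-list schema",
    "usesCodeSigning": "Artifacts are signed and verified before loading",
    "hasDependencyPinning": "Third-party dependencies pinned by hash",
}

@dataclass
class Threat:
    sid: str
    condition: Callable[[Controls], bool]  # like a pytm rule condition
    uses: tuple                            # control names the condition reads

def undefined_controls(threat: Threat) -> list:
    """Controls the threat depends on that have no agreed definition."""
    return [name for name in threat.uses if name not in DEFINITIONS]

def apply(threat: Threat, controls: Controls) -> bool:
    """True when the threat applies to an element with these controls."""
    missing = undefined_controls(threat)
    if missing:
        raise ValueError(f"{threat.sid} relies on undefined controls {missing}")
    return threat.condition(controls)

THREATS = [
    Threat("INP01", lambda c: not c.sanitizesInput, ("sanitizesInput",)),
    Threat("SUP01", lambda c: not c.hasDependencyPinning, ("hasDependencyPinning",)),
    Threat("RES01", lambda c: not c.isResilient, ("isResilient",)),  # undefined
]

def evaluate(controls: Controls) -> dict:
    # Evaluate every well-defined threat; skip those relying on undefined controls.
    return {t.sid: apply(t, controls) for t in THREATS if not undefined_controls(t)}
```

Running evaluate() on a default Controls() reports INP01 and SUP01 as applicable and silently skips RES01 until isResilient gets a definition, which is the gap the question above points at.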

Alright, I'll probably have to come up with some definitions that make sense for my use-case, thanks for the quick answer! I also saw that there was a discussion about moving to a rule-based library like rule-engine. Is this still a thing?

We are definitely checking options, if that's an area you're interested in we'd be very happy to hear your thoughts!

I'm just getting started with threat modelling so I don't have a clear opinion on what should be done or not but I'll get back to you when I have more experience on this =)

It's a journey, we welcome your input at any time!