I made a tool which provides a generic template for producing risk analyses according to a combination of statistical, mathematical and computational heuristics. It is intended to be used by teams wishing to increase awareness of security issues arising from technical debt. The motivation came from designing a replacement for a system under a DDoS attack, and from the need to provide stakeholders with a summary of the technical risks involved in undertaking the project.
The interface uses Bootstrap and Formio, and produces Markdown which is malleable enough to be used as documentation.
To follow up, I delivered a lightning talk about the STRIDE model and conducted sessions with team members whenever we subsequently uncovered a potential threat to systems while refactoring.