Version 1.4.2 is out

Written by

Posted on Leave a comment

It has taken a while, but finally you can enjoy a new version of Threats Manager Studio (TMS)! This new version is mostly focused on fixing some of the pending problems, including some nasty ones related to stability and performances. More specifically:

  • [Bug] Threats Manager Studio occupies a CPU core forever, as soon as a file has been opened.
  • [Bug] JSON Serialization of Threat Models and Templates does not produce a correct Unicode UTF-16 file.
  • [Bug] Opening a Diagram may crash the Studio if more Trust Boundaries refer to the same parent.
  • [Improved] Opening a Threat Model may generate an error message that may be too generic, when the containing directory is missing.
  • [Bug] Openining or saving a file when you do not have the required rights may cause a crash.
  • [Bug] False Positive List dialog may crash if no Analyzer is selected.
  • [Bug] Item editor is not showing correctly the Threat Event Mitigation name in the Roadmap panel.
  • [Bug] Item editor may crash when the context menu for Threat Events is empty.
  • [Bug] Corrupted reference Word documents are not managed correctly.
  • [Bug] Opening the export to Word feature when the reference Word document is already opened in Word does not generate a clear message.
  • [Bug] Setting a blank Schema name or namespace causes the application to crash.
  • [Bug] Export Template would allow to specify no name for the Template, but then fails.
  • [Bug] IterationInfo is unknown when a TM is loaded.
  • [Bug] User objects leak may cause Threats Manager Studio to crash after some use.
  • [New] Added the possibility to remove Iteration association from a single Mitigation.
  • [New] Added the possibility to remove Iteration association from all Mitigations.
  • [Improved] The Threat Actor List is now visible only in Pioneer mode.
  • [Improved] The Risk Trend panel is now visible only in Pioneer mode only. This is a temporary measure that will be addressed with v1.5.0.
  • [New] Added an Extension to import Excel files to create Threat Types, Mitigations, Entity Types and other objects.
  • [Bug] Exported templates include Non Exportable Property Schemas.
  • [Bug] All Standard Mitigations and Threat Event Mitigations are shown in the Annotations Panel, even when there is no annotation or when it should be filtered out.
  • [Bug] Annotations panel does not show annotations assigned to Diagrams.
  • [Improved] Asked Via and Answered Via fields in Topics to be clarified now provide two buttons for common answers (email/call).
  • [Improved] Annotations now show the object they are applied to.
  • [Improved] Annotations section is now near the bottom in the Item Editor.
  • [Bug] Word Report creates properties even if they are marked as “Do not print”.
  • [Bug] Some placeholders in the Word Report extension are missing the icon.
  • [Bug] Reduced the possibility of getting an Out of Memory exception while serializing or deserializing Json files, including Threat Models.
  • [New] Added a functionality to fix automatically eventual problems with diagrams due to difference in DPIs.
  • [Improved] Annotations Text now has spell check and allows to open the Text Editor.
  • [Improved] Added the possibility to filter objects with an Annotation having a specific text, considering both the Text or the Answer.
  • [Improved] Added the possibility to filter objects with a Review Note having a specific text.
  • [Bug] Removal of an Annotation from the Annotations panel does not properly clean up the panel itself.
  • [Bug] Removal of a Review Note from the Review Notes panel does not properly clean up the panel itself.
  • [New] Added Counters for Annotations.
  • [Improved] The request to choose if the latest version of the document has been removed, to make loading more efficient.
  • [Bug] Dirty flag may be shown at start, unnecessarily.

As usual, you can find the downloads from Downloads.

With this new release, I have also updated the Azure PaaS Core template, fixing a couple of issues, and I have updated the Standard Word template you can use to create your own Reports.

You will be able to find a new Extension Library called Importers: this is in Preview, sort of, and will be documented as soon as possible. For now it contains a single Extension, which allows to import Threat Types, Mitigations and Entity Templates from an Excel file. It requires a Json file to define how the information is going to be imported. The format of the Json file will be documented soon, but for now you can refer to an example which imports some threats from Capec.

Please reinstall TMS and all the Extensions over the previous ones.
There is no need to uninstall what you had previously. Please ensure to update all the installed Extensions, because you may otherwise get some of the problems listed in the Startup page under Troubleshooting.

Posted in Announcements, News

About the Author:

I have been a Consultant with Microsoft for 15 years and so. As such, I have gained strong competencies around Software Architectures and Methodologies with a focus on Microsoft technologies. I have been working for Microsoft in the Consultancy department since January 2000 mainly for Customers in the Financial sector. Now I am a Senior Premier Field Engineer on Security. In this role I am helping customers in adopting Microsoft Security Products, Technologies and Methodologies. Application Security is one of my main area of interests, even before joining Microsoft: the very reason why I have been hired by Microsoft are a set of articles I have written on Security and specifically on Cryptography between years 1998 and 1999. I am now a member of the Microsoft InfoSecurity Force European Team. As a Microsoft Employee, I have assumed the roles of Developer, Lead Developer, Architect and Microsoft Development Technologies expert. This has allowed me to work for important Banks and Financial Institutions like Intesa SanPaolo, Deutsche Bank, Monte dei Paschi di Siena and Unicredit, and also for P.A. Organizations like INPS, the largest social security and welfare institute in Italy and one of the most important on a European level. The gained experience can be applied to many contexts, not only on Financial Businesses, because it has been mainly focused around technology and soft abilities, like interpersonal awareness and interaction with different people and different organizations. On May 2016 I have assumed the role of Co-Lead of the Worldwide Microsoft Technical Community for the Security Development Lifecycle.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Threats Manager Studio

Subscribe now to keep reading and get access to the full archive.

Continue reading