Interview a series of people in industry who work with ADTs to find how they use them, why they use them, how they are perceived (what do they find useful), etc.
Create a survey to be given either in-person or via crowdsourcing that seeks to understand the comprehensibility of attack trees to laypeople.
Design and run a user study on the usability of the previously built ADT Web App tool. Find what the strengths and weaknesses of the tool are in a scientific manner.
Create a survey to be given either in-person or via crowdsourcing to establish what information is received when threats are communicated. How does this information change based on how the threat is …
Write code that creates a LOT of ADTs in standardized format (xml/json) from some kind of dataset (example: MITRE). This could be used for general analysis or as training data for some kind of ML …
Describe and define a JSON format for ADTs. Write code that will convert between the defined ADTool XML ADT format to a new defined JSON ADT format.
Create a parameter that can map an ADT node to a kill chain step. Provide examples of this mapping in action. Discuss utility of such a mapping
Create a library that allows for the creation of ADTs in Python. This should include some kind of visualization, the ability to enter whole trees in standard format, and the ability to …
Develop an interface for a web application to build ADTs
Write code that can take ADT image and generate a standardized ADT format from it
Write code that can take ADT input in some format: plaintext description, paragraph, structure sentences (BSc), etc, and produce an ADT directly usable format (xml/json)
In spite of all efforts to improve software security, vulnerabilities are still distributed in software. While producing secure software, there are problems with not only purely technical practices …
Develop a language with simple grammar that will allow especially non-technically inclined people to write instructions to create an ADT.
With a new methodology, you’ll research on some nice results from studying zero-day fixes in Github. The methodology is almost ready but obvious reasons we don’t publish the details here.
We have a fast and new methodology to find zero-day vulnerabilities in public Github projects. With our guidance, you’ll verify the existence of vulnerabilities and participate in submitting the …
