Versioning use cases

Original post by @dbeu

Hi everyone,

Are you utilizing the Versioning feature of IriusRisk? If yes, what are some of the main use cases that you are using it for?

First thing that comes to my mind is when doing some major changes in the architecture of a product and you want to keep track of the changes.

Thanks

Original post by @Jholmes

I also utilize versioning:

  1. Before creating accounts for the developers and giving them access to the TM so they can review required countermeasures and update architectural design if needed.
  2. If I am handing off the TM to a coworker due to planned leave I version what I had done
  3. As you mentioned, also version before major changes in architecture

I also find it interesting to be able to go back and see how the architecture changed over time and through multiple workshops

Other use cases for versioning might include:

  • New Review New Version - Possible that you want to be able to demonstrate difference between the last engagement or audit and want to show them dashboards at two different points of time.
  • Major Changes - as the application changes, you could version the threat model over time to match your product or deployment versions for when it was threat modeled.
  • Additions - as you start the threat model, maybe you only threat model the front end vs backend. V1 might start with all public facing components and then v2 might add in backend components, v3 might add in third party integrations.
  • Wanting to try something new in the product - since the diagram can always be reverted back to previous versions, you could use as a way to test out new components or structures.

Original post by @dbeu

Thank you guys both for the feedback!

Best Regards,

Dejvi