The vulnerability assessment window is called up using the node menu
on diagram nodes (except actors). In the vulnerability assessment
window, you can add, remove, and assess vulnerabilities to the node. In
this window you can:
rename a vulnerability, by clicking its title (press
Enter/click elsewhere to confirm, press Escape to cancel).The name
change will apply to all other nodes and (if applicable) to the
checklist as well.
modify the type between natural and malicious
using the icons on the left.
add or edit remarks. Remarks are very useful to
explain why this particular assessment was chosen.
reorder vulnerabilities, by dragging them into the desired
order.
change frequency and impact. Click to activate the
selection widget. Click the widget to open it, or type the letter of
your choice.
remove a vulnerability, by clicking the minus-button on the
right. See the warning in Adding and removing
vulnerabilities about removing vulnerabilities.
Using the buttons in the toolbar, you can:
add a new vulnerability, by clicking the “+ Add
vulnerability” button.
copy all vulnerabilities onto a clipboard, using the Copy
button.
paste a previously copied set of vulnerability assessments,
using the Paste button.
Be careful when pasting vulnerability assessments; these three rules
are used:
Vulnerabilities that were present (based on their name) in the
source as well as the destination will be combined.
On combination, if the probability or impact has been set in both
the source and destination, the worst value will be used.
Any vulnerabilities listed in the source but not yet present in the
destination will be created.
It is not yet possible to add/edit descriptions for vulnerabilities,
other than using the checklists.
