This was an interesting read. Thanks!
One thing, which would’ve been a cool addition, would’ve been a control graph of the system being analysed. There’s a lot of literature with examples of STPA/CAST analyses for safety, but very few for security, and all of them are related to analysing a system around some physical process. Would’ve been interesting to see your take on it here. There’s a bit about extending STPA for security, e.g. here and here.
Another nice and a bit more practical resource for learning about STPA (the hazard analysis method based on STAMP) is the STPA Handbook (pdf) Leveson and Thomas published last year. Leveson’s 2012 book, at least for me, was at points a bit long-winded (nonetheless a very good book), but I’ve found the handbook a better reference for analyses. It also covers a lot of typical common mistakes, etc.
If I may nitpick a bit, STAMP is an accident model, STPA and CAST are analysis methods based on it :) Leveson extended on ideas from Jens Rasmussen, as she talks about e.g. in this publication. If you’re interested, check e.g. this influential paper from Rasmussen.
PS. The link to Leveson’s homepage at the end of the article is not working.
Wow, that is a really good handbook. You should submit it as a lobsters link!
Also, link fixed =)
(I know I should include a control graph but I’m kinda procrastinating on making one :/)
If you ever hear me say “I should use STAMP on something!” please punch me in the face. It’s for my own good.
Nah, I’m gonna suggest 10 other things. Then, watch the mayhem. ;)
NPM continues to not have package signing. I suspect there is a viable enterprise business in that missing piece. Implement an add-on for package signing, make that piece freely available, charge enterprises money for supplying signatures for audited packages. Basically the business is security audits as a service for node modules.