This release was focused on bug fixes and additional features including:
- Support importing Threat Models created with the Microsoft SDL Threat Model Tool on its latest version (2016).
- A new API call to create a basic project structure and assign the project to a Business Unit. (check https://app.swaggerhub.com/api/continuumsecurity/IriusRisk/1)
- The OWASP Application Security Verification Standard has been updated to the latest version 3.0.1.
- The whole default library "CS-Default" has been reviewed and refactored, added missing descriptions, completed all the test steps for the controls, etc.
- The JIRA integration also uploads test steps to JIRA providing instructions on how to test the implementation of a control.
- New conditions added to the Rules Editor to allow more modular rules.
- Support for MS-SQL as a backend database in addition to PostgreSQL.
- New licensing system.
New Features
- [IRX-400] - Modify Assets
- [IRX-452] - Change "Residual Risk" to "Current Risk"
- [IRX-486] - Change the Asset editor so that the user can choose the type of Asset
- [IRX-507] - Distinguish between Controls that are generated by import process and those created manually
- [IRX-519] - Include assets in architecture diagrams and the report
- [IRX-524] - Modify the Edit Component icons and menu
- [IR-610] - Update OWASP ASVS to the last version.
- [IR-682] - Test and fix the code Example Editor for Control Details.
- [IR-684] - Add test steps when creating a JIRA issue.
- [IR-595] - Add a "New Library" option to the Template & Libraries administration tab.
- [IR-618] - Support new version of MS Threat Modeling tool for importing models
- [IR-643] - [API] Add request data validation
- [IR-666] - Add content for Test instructions for all controls
- [IR-673] - Implement a new API call to allow basic project creation from other systems
- [IR-679] - Test IriusRisk using MS-SQL Server
- [IR-693] - Create a new Condition in the Rules Editor: Conclusion exists
- [IR-695] - Create a new Condition in the Rules Editor: Conclusion does not exist
Bugs
- [IRX-425] - Fix bugs in charts
- [IRX-456] - Bug sorting project components after import from a different library than the original one
- [IRX-512] - Do not display UDTs on a product, if the product is a library type
- [IRX-515] - Window to remove control is displayed at wrong time
- [IRX-521] - Importing template should also import the Assets in the template
- [IRX-528] - Transaction rollback exception
- [IRX-529] - Don't change a threat generated automatically to MANUAL if it's accepted
- [IRX-535] - Remove mitigation column from all tables in the Control tab
- [IRX-545] - Error generating reports
- [IR-650] - Exporting library should not export questions, trustzones nor assets of components
- [IR-672] - Risk Calculation for Projected Risk on a failed Weakness test is not properly adjusted
- [IR-677] - Review the Defect Tracker Clients and check we have all the necessary parameters before trying to connect from IriusRisk
- [IR-681] - Small fixes related to the license system
- [IR-685] - Error when creating a new Project.
- [IR-692] - Weakness description is a text field, should be a text area
- [IR-704] - Memory leak with AdminTabSheet
Comments
0 comments
Article is closed for comments.