tmnpy.dsl.requirement.STRIDE.information_disclosure

property STRIDE.information_disclosure: bool

Information Disclosure threat. Maps to tmnpy.dsl.requirement.SecurityProperty.confidentiality()

Compromising the user’s private or business-critical information. Information disclosure threats expose information to individuals who are not supposed to see it. A user’s ability to read a file that she or he was not granted access to, as well as an intruder’s ability to read the data while in transit between two computers, are both disclosure threats. Note that this threat differs from a spoofing threat in that here the perpetrator gets access to the information directly rather than by having to spoof a legitimate user.[1]

Notes

[1] Loren Kohnfelder and Praerit Garg. The threats to our products. Microsoft. April 1999.