OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0

Add support for consuming and generating Open Threat Model (OTM) #440

Closed stevespringett closed 9 months ago

stevespringett commented 2 years ago

Hello. I'd like to be able to both consume and generate OTM from Threat Dragon. On the consumption side, I'd like to be able to open an otm file directly. On the generation side, I'd like to be able to save models in otm format.

The Open Threat Model format is still early in development, but its goals are to standardize how data from threat models are represented, providing interoperability between different systems and tools.

Per the readme:

OTM allows both humans and computers to understand what are the components of a system, how are they distributed, the security risks that could be exposed to attackers and the mitigations that could be implemented to avoid those vulnerabilities.

OTM can be used to document your system and threat model, to keep your threat model aware of the changes that happen in the system and many other use cases.

jgadsden commented 2 years ago

Hello @stevespringett, the Open Threat Model looks an excellent initiative.

The way we see it working is that Threat Dragon could read files in either format, and save in both formats. Typical Threat Dragon models are not large; it is a quick and accessible tool, so this could work well.

jgadsden commented 10 months ago

The Open Threat Model is looking very promising, and so we should try to get this into the next version of Threat Dragon, further to the discussion in OTM under a standards body.

stevespringett commented 10 months ago

Update. Matthew McDonald on my team at ServiceNow will be publishing a PR that adds support. He's currently testing round-tripping between Threat Dragon and IriusRisk.

jgadsden commented 10 months ago

Thanks @stevespringett, very good news that this is progressing. I have assigned it to you and feel free to add Matthew McDonald.

jgadsden commented 10 months ago

Thanks for the pull request @mmcdonald4tw, and it will get reviewed this weekend.