-
Key: SPECTRA-22
-
Status: open
-
Source: KDM Analytics (Dr. Nikolai Mansourov)
-
Summary:
SPECTRA review 16-05-2025
• The first sentence about RAAML is copied and pasted from the RAAML profile document without attribution and includes a reference to “this document” which appears to mean the RAAML profile and not the SPECTRA CA RFC document.
• The section does not mention the upcoming RAAML 2.0 specification that specifically includes security analysis nor the common use of RAAML 1.X to support security analysis.
• The claims that RAAML is not aligned w/ SPECTRA in scope are also unfounded.
o Though RAAML was initially a safety specification, safety and security share common concerns for how to understand and model scenarios that result in measurable risk to a system that needs to be mitigated.
o RAAML has representations for attack trees, scenarios, risks, and risk mitigations that are all applicable to cybersecurity.
-
Reported: SPECTRA 1.0a1 — Mon, 26 May 2025 15:44 GMT
-
Updated: Mon, 2 Jun 2025 15:41 GMT