SoftwareProduct

Purpose

The SoftwareProduct object is representing properties of a software type or version that are common for all installations of the software, i.e. all Application objects connected to it.

This way, when connecting a SoftwareProduct to an Application object (as well as the Application-based IDPS and RoutingFirewall objects), any property of the SoftwareProduct will apply to the Application as well.

Connections

Application/IDPS/RoutingFirewall

When connecting a SoftwareProduct to an Application, the SoftwareProduct properties are shared between all connected Applications.

SoftwareVulnerability

When a SoftwareVulnerability is connected to a SoftwareProduct (for instance to represent a vulnerable software release), the vulnerability affects all Application objects connected to the SoftwareProduct.

Data

When connecting a Data object to a SoftwareProduct, the connection Origin is used. This is the same behavior as when connecting a Data object via the Origin connection to an Application, but applies to all Application objects connected to the SoftwareProduct.

592592

Connections to SoftwareProduct.

Properties

AttackSteps

Attack step name

Attack step purpose

CompromiseApplication

Successfully taking control over the application (by compromising the origin of the SoftwareProduct).

DenyApplication

If a connected vulnerability has a "deny" type of impact, that impact will propagate to all connected Applications.

ModifyApplication

If a connected vulnerability has a "modify" type of impact, that impact will propagate to all connected Applications.

ReadApplication

If a connected vulnerability has a "read" type of impact, that impact will propagate to all connected Applications.

Defenses

No defenses are related to the SoftwareProduct object.