►
A
A
A
A
A
A
A
A
Okay,
source
destination:
okay,
so
source
is
okay,
the
right
dragon,
oastrat
dragon.
A
A
A
A
wasp
threat
dragon.
Okay.
I
think
I
spelled
that
right.
Oh
wasp,
all
right
so
dip
my
merge,
oh
wash
threat
dragon
equals
our
weight,
so
yeah
we'll
say:
src
equals.
A
Open
architecture.
A
A
A
A
A
A
Nice
source
to
say,
modeling,
threat,
dragon.
A
Source:
okay,
open
architecture.
A
A
A
A
A
A
A
A
A
Okay,
so
that's
we
gotta
go
to
this
open
architecture,
one
as
well.
Okay,.
A
Let's
check
out
the
json
source
yeah,
I
don't
think
I
don't
really
like
the
spdx
stuff
within
the
files
I
feel
like
you
know,
the
license
is
the
license
and
with
with,
unless
there's
an
exception
right.
This
is
why
context
matters
if
we
know
the
context
what
repo
came
from
them,
we
don't
need
to
care
okay,
open
architecture
based
source
from
the
file
social
memory
source.
A
A
A
A
A
So
cv
scan
results
right.
A
A
That's
constant:
why
did
that
work.
A
A
A
A
Okay,
there's
no
attributes
we're
dragging
fantastic
okay,
so
so
it
attempted
to
load
so,
but
we
changed
it
so
where's
the
iris
training
cell
source.
A
A
A
Okay,
so
detailed
diagrams
okay,
so
this
source
has
a
single
record
as
a
single
record
source
right,
because
it's
a
single
threat
model
and
remember:
we
can
always
have
multiple
sources
and
multiple
threat
models.
So
title
web
application.
Okay,
so
title
owner
description,
okay.
So
what
is
the
record?
So,
let's
make
it
unique
based
on
the
contents
right.
So
I
believe
we
have
a
secure
hash
function.
A
All
right,
so
we
have
secure
hash
and
entity
cure
hash,
and
why
do
we
have
these
helper
functions?
Well
because
we
don't
want
to
end
up
oh
open
there.
I
went
and
I
broke
that
no.
I
used
it
okay,
great
because
this
is
it's
easier
for
us
to
audit
right.
So
if
we
always
see
usages
of
secure
hash
and
insecure
hash,
it's
very
easy
for
us
to
audit
our
code
base
to
see
you
know
whether
we're
using
the
right
thing
or
not
right.
A
And
so
we'll
do
a
secure
hash
of
the
contents
for
the
record
key
right.
So
that
way,
it's
unique
that
way.
No
every
threat
model
is
exactly
you
know,
whatever
the
the
contents
is
actually
maybe
we
should
not
do
that.
That
seems
like
a
recipe
for
screwing
this
up,
or
maybe
it's
not.
Let's
see.
A
To
do
security
validate
json
schema.
A
A
All
right
so
we'll
say,
source
data
set
throughout
modeling,
okay,
so
initial
load.
A
A
Threat
dragon
source
and
blank
okay,
all
right
dropped
our
shot
there
and
right
so
github
will
link
sha's
across
forks
because
internally,
it
stores
it
all
in
basically
the
same
way:
okay,
so
great
great,
great,
great,
great,
okay,
so
key
web
application,
all
right,
okay!
So
now
let
us,
let's
see
what
was
our
proposal
here?
A
A
Okay,
so
yes,
now
we
need
to
produce
the
open
architecture.
Well,
the
open
architecture
is
just
the
data
flow.
Oh
duh,
oh
my
god,
wow.
Sometimes
I
create
a
lot
more
work
for
myself
than
I
know
what
I'm
doing.
Okay,
oh
wow,
glad
I
had
that
realization
holy
that
almost
got
really
complicated,
wow
wow
wow.
A
Source,
okay,
so
let's
just
make
a
note
before
I
forget
data
flow,
and
this
is
why
everything
is
everything
we're
recording
everything
right.
So
then
everybody
else
if
you're,
if
you're
curious
you
want
to
follow
along,
you
want
to
contribute
everything
is
recorded
so
and
if
you
want
to
also
stream
your
work,
that
would
be
great
because
then
you
know
that
the
goal
is
for
us
to
have
completely
asynchronous
communication
or
well
actually
to
have
synchronous
communication
via
asynchronous
communication
right.
A
So
if
we
can,
all
so
say,
we're
all
and
stream,
so
so
streaming
right
now
like
I'm
streaming
right,
but
the
goal
is
to
have
alice
and
alice
will
basically
be
streaming
whatever
events
that
are
pertinent
to
your
co-developers
right
on
whatever
efforts,
you're
you're,
looking
at
or
whatever
line
of
projects
right.
And
so,
if
you
look
in
the
thread
about
the
let's
see
the
build
tree
inner
source
stuff,
let's
see.
A
Right
so
this
is
from
sarcoma,
yes,
nice
meeting
back
in
january,
so
I
updated
this
recently
with
you
know
some
some
thoughts.
You
know
maybe
looking
at
the
upstream,
the
overlay
in
the
orchestrator-
and
I
was
thinking
I
was
thinking
I
was
thinking
actually
data
flow
is
our
current
open
architecture.
A
Okay,
airflow
serialization
is
our
current
open
architecture.
Now
we
will
evolve
over
time.
Okay.
So,
let's,
let's
make
sure
that
we
include
all
the
items
which
we
would
like
to
see
in
a
manifest
okay,
oh
my
god,
the
merge
command.
Oh
my
god.
The
merge
command:
okay,
okay,
okay,
wow,
okay,
oh
my
god,
okay!
So
the!
What
does
the
merge
command?
Do
it
converts
data
from
one
format
to
another
effectively
right,
so
so
it
takes
takes
yeah
yeah.
So.
A
Actually,
I
should
link
to
that
thread.
Oh
oh,
what
we
were
gonna
say
so
overlay
present
orchestration
takes
us
to
the
future.
Okay.
A
A
This
is
I'm
going
to
put
state
of
the
art.
Remember
state
of
the
art
right,
so
state
of
the
art
is
whatever
we
think
is
eight
of
the
art
two
six
eleven
time
travel,
okay,.
A
All
right,
so,
what's
the
train
of
thought?
Okay,
so,
let's
see
state
of
the
art.
Okay,
so
let's
say
date.
How
are
we
to
do
this
date?
State-Of-The-Art
time,
travel,
comma
system
context.
Okay,
so
here
is
the
date
here
is
we're
saying
this
is
the
state
of
the
art
so
on
six,
so
on
june,
11th
of
2022,
the
state
of
the
art
train
of
thought
for
both
trains
of
thought,
of
align
trains
of
dot,
time,
travel
and
system
context
right,
so
tags
separated
by
commas.
A
All
right,
so,
okay!
So,
and
what
is
what
is?
What
is
this?
So
what
is,
let's
make
sure
that
we
include
oh
wait.
I
lost
this
so
right,
no,
no
losing
context.
Okay,
so.
A
A
Version
right,
so
these
are
the
things
that
we
care
about
all
right.
So
these
are
the
things
which
we
agreed
upon
right.
We
all
met,
so
not
all
of
us,
obviously
all
is
a
lot
that
would
be
like
what
7.8
billion
or
something
so
so
we
met
a
few
of
us
met
in
back
in
into
2021,
and
we
aligned
on
this
idea
of
a
manifest
right
and
the
manifest.
What
is
it
and
it
was
it-
was
it
was
jeremy,
jeremy,
jeremy?
What's
his
last
name,
er
ir
yeah
jeremy?
A
He
he
enlightened
a
lot
of
us
to
this
concept
of
of
well.
We
were
already
playing
it
with
the
second
party
stuff,
but
he
gave
it
a
little
more
structure.
You
know
we
had
talked
about
this
idea
of
like
the
manifest
this
list
of
artifacts
and
then
he
was
like.
You
know.
There's
orchestration
involved
and
I
was
like
whoa
light
bulb
so
great.
Thank
you,
jeremy,
okay,
so
and
then
we
started
said
well,
you
know,
okay.
So
if
we're
all
writing
these
things
called
manifests.
A
What
are
some
properties
of
them
that
we
could
use
to
tell
them
apart
right,
and
so
we
said
well,
a
manifest
should
have
a
schema,
a
format
name
and
a
format
version
right.
So
if
I
look
at
any
blob
of
data,
I
should
be
able
to
tell
the
schema
the
format
name
and
the
version
of
that
blob
of
data.
If
I
can
tell
the
schema
the
format
name
and
the
version,
then
it's
a
you
know,
then
then
it's
much
easier
to
work
with
right.
A
So
as
long
as
we
include
these
items,
then
it's
much
easier
to
parse
right.
So
now,
so
we
understand
that
this
is
a
threat.
Dragon
threat
model
right,
so
we've
explicitly
said
format.
Name
is
threat,
model
threat,
dragon
right
by
effectively
instantiating
the
source
as
a
a
threat.
Dragon
threat
model
right.
So
this
actually
would
be
a
good
thing
for
us
to
put
in
extras.
A
So
what
is
extras
extras
is
a
place
where
we
can
put
format
specific
data
right
so
source
specific
data
that
might
be
useful
when
saving
or
loading
a
source.
A
From
from
from
from
you
know,
basically
when,
when
saving
or
loading
a
source
right,
so
if
I
load
a
threat,
dragon
version
one
source
and
I
create
a
record
for
it
or
record
for
the
data-
then
I'm
going
to
you
know
then
I'll
need
to
save
it
back
and-
and
maybe
that
I
don't
know
you
know,
this
is
you'll,
see
you
no
okay,
so
so,
okay.
A
So
let's
take
a
look
at
this.
Let's
take
a
look
at
what
we
have
here
right.
So
if
I
look
at
this
record,
I
don't
know
how
to
save
it
back
to
an
appropriate
format.
Right,
I
just
know:
there's
some
features
throughout
model
dict,
great,
okay,
all
right!
This
is
what
this
is
just
a
giant
blob
of
data
right,
it's
meaningless
to
me
right
now,
right
now,
the
point
of
the
open
architecture
and
the
manifest
and
all
this
is
that
we
need
to
figure
out
what
the
hell
does.
A
This
data
mean
right,
and
so
what
we'll
do
is
we
can
say
so,
three
dragons
so
dataset
source.
So
let's
pull
out.
A
A
A
Okay,
so
a
wasp
threat,
dragon
schema,
oaster
dragon
docks
diagrams
about
okay,
and
I
like
to
use
the
the
I
was.
I
was
thinking
it
could
be
fun
to
overlay
a
keyboard,
so
you
can
see
what
keystrokes,
because
sometimes
people
do
keystrokes
right
and
then
what's
this.
A
A
Okay,
so
she
came
a
format
name
for
form,
name
version.
So,
let's
see
if
we
can
find-
and
I
heard
that
so
somebody
on
twitter
was
talking
about
schema.
A
A
How
much
time
do
we
have?
I
don't
have
enough
time
to
implement
a
parser
for
this
into
json
schema,
but
we
are
going
to
basically
say
that
this
docs
development
schema.
Let's
just
clone
it
real
quick.
A
A
A
A
Okay,
1.6.1,
okay
and
we'll
bump
it
and
okay,
so
we
bumped
the
miner
right
and
we
said,
and
so
now
what
we'll
do
is
we'll
go
open,
an
issue
to
them.
Let's
take
a
look
for
schema.
A
Schema,
okay,
so
describe
what
problem
feature
would
like
to
be
able
to
validate
conformity.
A
A
A
And
what's
the
format
name,
it's
the
entry
point
name
right
and
the
format
version
is
well
we're
not
sure
what
the
format
version
is
right
now
right,
so
I'm
going
to
put
a
url
right.
So
maybe
this
is
oh,
let's
start
right
down
json.
So
maybe
this
is
like
this
is
the
shima
url
right.
So
this
is
raw
and
says
format.
Version
right,
we
might
say,
excuse
me
url,
okay,
so,
okay,
so
to
do
what
time
check?
Okay,
I
gotta
go
fast
on
this.
Okay,
so
you
know,
I
think,
we're
okay.
A
A
Caffeine
apparently
makes
you
more
stressed
out,
so
I
had
to
quit
that
all
right.
So
I
hate
it's
a
pretty
strong
word,
but
I
don't
like
it
when
I
have
to
use
a
hard
code,
something
so
format
version
right.
So,
let's
just
take
it
as
a
parameter
right
now,.
A
A
A
A
A
A
A
Oh
yeah,
I
guess
it
runs
it
right
away.
Isn't
that
great
all
right!
So
now
we
see
so
extra
os
threat,
dragon
open
architecture,
feature
name
thread,
model
format,
name
thread,
dragon
format,
version
1.0.0
schema
and
then
the
link
to
the
schema
right
if
there
could
be
a
okay.
So
let's
jump
back
to
our
issue
right,
so
we
would
like
them
to
please
please
please,
please,
please
add
this
additional
context.
A
Okay,
and
then
we
can
link
to
this
video
where
hopefully,
people
won't
think
I'm
too
nuts,
so,
okay,
so
all
right
there
we
go
all
right,
so
additional
context
to
do
and
we'll
link
to
this
as
well
right.
So
this
is
what's
going
on
in
case.
Anybody
wants
to
know.
A
Working
group,
the
open
architecture
working
group
would
like
to
consume
threat
models
from
threat
dragon,
and
one
of
the
core
tenants
when
our
core
principles
is
to
of
the
open
architecture,
is
to
understand.
A
A
A
A
Is
to
understand
the
schema
of
the
data
brain
reference
within
domain
specific
formats.
A
A
A
A
A
A
A
A
Open
architecture,
all
right,
so
a
record
is
a
dfml
specific
object.
So
that's
okay
for
us
to
be
throwing
stuff
in
here
in
random
ways,
and
we
can
say:
okay
within
dfml
record
extra.
If
you
see
the
open
architecture
field,
then
this
is
the
way
you
should
treat
it.
Okay.
So,
within
that
you
look
at
the
features
you
can
see.
The
threat
model
feature
is
here's
the
manifest
manifest
metadata.
A
All
right,
so
I'm
going
to
post
metadata
all
right,
so
the
manifest
is
our
domain
specific
format
right.
So
the
open
architecture
is
the
general
format.
I
guess
you
can
have
a
manifest
for
the
the
the
the
you
know.
The
open
architectures
itself
has
a
manifest
and
the
manifest
is
sort
of
the
individual
document
right.
A
So
the
architect,
the
open
architecture
alice,
is
the
whole
thing,
as
well
as
the
execution
and
and
the
idea
of
the
system
context
right
and
then
the
manifest
is
the
description
of
each
domain,
specific
format,
of
which
the
open
architecture
is
a
domain
specific
format
and
has
its
own
manifest
metadata
right.
A
Okay,
so,
okay,
all
right!
Okay,
I'm
gonna,
take
another
break.
A
A
Okay,
so
add
so
now
we're
doing
a
commit
right,
so
git
commit
dash
sm
and
we
added
the
file
that
we
wanted
to
commit
and
now
we're
saying
which
is
dfml
source
data
set
threat,
modeling
and
now
we're
saying
add,
manifest
metadata.
A
A
Source,
okay,
so
and
then
we
should
so
actually
this
should
be
modify.
Data
flow
to
include
manifest
and
then
we'll
call
this
a
manifest
metadata.
A
Initial
open
architecture
source
so
use
export,
dfmo
service,
dev
export
to
create
a
programmatically.
A
Some
similar
to
what
was
done
in
with
cve
bend
tool
so
basically
we're
going
to.
A
A
A
A
A
A
So
merge,
okay,
so
manifestment,
okay,
so
okay
use
df
use,
dataflow
pre-processing
source
to
merge.
A
As
the
merge
source,
which
wraps,
which
pulls
from
the
threat
dragon
source.
A
A
Use
dfml
dev
services
programmatic
to
take
a
feature
which
is
a
data
flow
and
output,
is
or
yeah
to
take
a
feature
which
is
a
data
flow
and
output
it
to
a
flat
or
a
file
right.
Okay,.