Understanding the project survey
Questions and answers
The questions and answers of the Project Survey determine the project’s settings. You can think of answering questions as filtering relevant content for your project. As you answer the survey’s questions for your project, Project Countermeasures become relevant to it.
Questions and answers in the Project Survey are organized in the following way, where sections contain subsections, subsections contain questions, and questions contain answers:
When you answer a question, you activate a set of rules that behave as conditions for your project’s settings. An answer becomes applicable when those conditions are met. You can think of these applicability conditions as “Applicable When” rules.
In this example, the answer is only applicable when .NET has been selected as a technology or framework:
How “Applicable When” rules work
When you explicitly check an answer in the Project Survey, it will always remain checked until it is no longer selectable due to changes to other answers. An answer is no longer applicable (and not selectable) when none of its rules are met. In terms of Boolean values, an answer that is not selectable is evaluated as FALSE. If an answer has no rules, it is always applicable (and selectable).
This means that any answer that is selected is treated as TRUE, while any answer that is not selected is treated as FALSE. Answers can be selected either by being explicitly checked by you, or by being implied.
Implied answers
Answers can be selected in two ways: explicitly (manually checked), and implicitly (implied by logic). Implied answers can be either hidden from or visible to users. The advantage of hidden implied answers is that they cannot be explicitly changed in the survey by manual clicking. However, they can still be changed by “Applicable When” rules or by unselecting the answer that implies them.
Hidden implied answers
Hidden implied answers help with assigning only one answer to a Countermeasure instead of having too many answers associated with it.
For example, imagine that a Countermeasure is applicable when the application has a web application interface. It can be a mobile application with a web interface, or an application whose “application type” is “web application”. In this case, having a hidden “Generic Web App” can help you assign only one answer to the relevant Countermeasures.
Example:
In this example, these two answers imply a third answer, as shown below:
A4.Type of Application: Web application
A1079.Involved Components: Includes a web application component
Implication:
A1080.Internal Properties: The application is a generic web application.
Only the last answer should be assigned to a Countermeasure. The effect is that, regardless of whether A4 or A1079 is checked, A1080 will be TRUE.
You can add new hidden answers by accessing them here:
Section: <Hidden> → Subsection: <Internal Hidden Properties> → Question: <Internal Properties (Use this, for all hidden answers)>
You can also use hidden answers as “Applicable When” rules, or as implied answers for your own custom-made answers. However, be aware that you cannot remove or modify any of SD Elements’ default hidden answers because they are locked. Removing them would interfere with internal applicability rules.
Visible implied answers
Visible implied answers are suggestions for your project’s characteristics. They are selected automatically based on your selection of other answers, and you can deselect them as necessary.
Example:
Android (visible) → (implies) → Java (visible).
You check Android and Java is automatically checked because Android implies Java. What happens when you deselect Java? Only Java is unchecked. Implied answers do not have an IF → THEN relationship.
It is possible to have an Android application without Java checked. If answer A → answer B (A implies B), it does not generally mean that whenever you have A, you have B. You should not think of it as a logical association. Java is an implied suggestion and can be deselected, even though it is likely that if your project uses Android as a platform, it also uses the Java programming language.
Important notes
- New rules based on release updates to SD Elements will not take effect unless you access the survey again for editing and save the changes.
  - For example, if you have checked Java and not Android, and SD Elements changes the survey logic to make Java only applicable when Android is selected, SD Elements will not make Java evaluate as FALSE in your project, or require you to explicitly select Android to make Java an implied selection. However, as soon as you re-open the survey for editing, SD Elements will reevaluate all of the rules. Those changes will not take effect unless you save the survey.
- SD Elements will always evaluate implication rules first and “Applicable When” rules second.
  - First, SD Elements applies the implications of your answers, then it prunes the answers that are not compatible using “Applicable When” rules. Answer selection rules are never applied midway through this process.
Checking and unchecking answers
Consider the following actions and their results to understand how “Applicable When” rules and implication rules behave.
- SD Elements checks if the checked answer or its implications imply any other answers, then selects all implied answers.
- SD Elements reevaluates the “Applicable When” rules of all answers and disables or enables them accordingly.

Example:
- B implies A
- A is only applicable when C is selected
- When B is checked, C is not yet checked → A is not yet applicable and cannot be selected
- After checking B, you check C → A becomes applicable and can be selected (explicitly and implicitly)
- B is unchecked and re-checked → A becomes checked by implication

- SD Elements checks if any other chain of answers has been implicitly selected by the unchecked answer, and then unchecks all implied answers.
  - SD Elements will not uncheck answers explicitly checked by you or answers that are implied by another answer (in the case that a particular answer is implied by multiple answers).
- SD Elements reevaluates the “Applicable When” rules of all answers and disables or enables them accordingly.
  - If B is only “Applicable When” A is selected, then unchecking A will gray out B and evaluate it as FALSE, even if B were explicitly checked.

Example:
- B implies A
- B is explicitly or implicitly checked
- A is checked (as a result)
- B is explicitly or implicitly unchecked
- A is unchecked
But if you explicitly check A, the application does not overwrite your choice. SD Elements only keeps track of explicitly checked answers, not unchecked answers.
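
The checking and unchecking behaviour described above can be reproduced with a small state model. This is an added example, not SD Elements code: the Survey class and its check/uncheck methods are hypothetical names, and repeating the “Applicable When” pass until nothing changes is an assumption.

```python
class Survey:
    """Toy model of the survey rules described above; not SD Elements code."""

    def __init__(self, implies=None, applicable_when=None):
        self.implies = implies or {}                  # answer -> answers it implies
        self.applicable_when = applicable_when or {}  # answer -> rules, any one suffices
        self.explicit = set()                         # checked by the user
        self.implied = set()                          # selected by implication only

    def selected(self):
        return self.explicit | self.implied

    def applicable(self, answer):
        rules = self.applicable_when.get(answer, ())
        return not rules or any(r in self.selected() for r in rules)

    def _prune(self):
        # Second pass: answers with unmet rules become FALSE; looping to a fixpoint is assumed.
        while stale := {a for a in self.selected() if not self.applicable(a)}:
            self.explicit -= stale
            self.implied -= stale

    def check(self, answer):
        if not self.applicable(answer):
            return False                              # grayed out, not selectable
        self.explicit.add(answer)
        self.implied.discard(answer)
        todo = [answer]                               # first pass: implication chains
        while todo:
            for nxt in self.implies.get(todo.pop(), ()):
                if nxt not in self.selected():
                    self.implied.add(nxt)
                    todo.append(nxt)
        self._prune()
        return True

    def uncheck(self, answer):
        self.explicit.discard(answer)
        self.implied.discard(answer)
        # Implied answers survive only while a selected answer still implies them.
        while orphans := {a for a in self.implied if not any(
                a in self.implies.get(s, ()) for s in self.selected())}:
            self.implied -= orphans
        self._prune()


# Constructed walk-through of the page's B/A/C example (B implies A; A needs C).
demo = Survey(implies={"B": ["A"]}, applicable_when={"A": ["C"]})
demo.check("B"); demo.check("C")   # A was pruned when B was checked; stays unchecked
print(sorted(demo.selected()))
```

Unchecking and re-checking B on `demo` then selects A by implication, matching the last step of the first example.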