Safety-critical infrastructures must operate safely and securely. Fault tree and attack tree analysis are widespread methods used to assess risks in these systems: fault trees (FTs) are requiredamong others-by the Federal Aviation Administration, the Nuclear Regulatory Commission, in the ISO26262 standard for autonomous driving and for software development in aerospace systems. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia: they are referred to by many system engineering frameworks, e.g. UMLsec and SysMLsec, and are supported by industrial tools such as Isograph's AttackTree. In this paper we will briefly present advancements on logics for property specification on FTs and ATs and pitch the idea of an extended model that combines FTs and ATs: risk propagation graphs.