Countermeasure graphs for software security risk assessment: An action research
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation.
Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation.
2013 (English). In: Journal of Systems and Software, ISSN 0164-1212, Vol. 86, no. 9, p. 2411-2428. Article in journal (Refereed). Published
Abstract [en]

Software security risk analysis is an important part of improving software quality. In previous research we proposed countermeasure graphs (CGs), an approach to conduct risk analysis, combining the ideas of different risk analysis approaches. The approach was designed for reuse and easy evolvability to support agile software development. CGs have not been evaluated in industry practice in agile software development. In this research we evaluate the ability of CGs to support practitioners in identifying the most critical threats and countermeasures. The research method used is participatory action research where CGs were evaluated in a series of risk analyses on four different telecom products. With Peltier (used prior to the use of CGs at the company) the practitioners identified attacks with low to medium risk level. CGs allowed practitioners to identify more serious risks (in the first iteration 1 serious threat, 5 high risk threats, and 11 medium threats). The need for tool support was identified very early; tool support allowed the practitioners to play through scenarios of which countermeasures to implement, and supported reuse. The results indicate that CGs support practitioners in identifying high risk security threats, work well in an agile software development context, and are cost-effective.

Place, publisher, year, edition, pages
Elsevier, 2013. Vol. 86, no. 9, p. 2411-2428
Keywords [en]
Countermeasure graphs, Risk analysis, Software security
National subject category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-6675
DOI: 10.1016/j.jss.2013.04.023
ISI: 000323870300017
Local ID: oai:bth.se:forskinfoEA9523F0735CA7C0C1257B750045013C
OAI: oai:DiVA.org:bth-6675
DiVA, id: diva2:834199
Available from: 2014-07-17 Created: 2013-05-24 Last updated: 2018-01-11. Bibliographically approved

Open Access in DiVA

No full text in DiVA


Person records

Baca, Dejan; Petersen, Kai
