Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Countermeasure graphs for software security risk assessment: An action research
Blekinge Institute of Technology, School of Computing.
Blekinge Institute of Technology, School of Computing.
2013 (English)In: Journal of Systems and Software, ISSN 0164-1212, Vol. 86, no 9, 2411-2428 p.Article in journal (Refereed) Published
Abstract [en]

Software security risk analysis is an important part of improving software quality. In previous research we proposed countermeasure graphs (CGs), an approach to conduct risk analysis, combining the ideas of different risk analysis approaches. The approach was designed for reuse and easy evolvability to support agile software development. CGs have not been evaluated in industry practice in agile software development. In this research we evaluate the ability of CGs to support practitioners in identifying the most critical threats and countermeasures. The research method used is participatory action research where CGs were evaluated in a series of risk analyses on four different telecom products. With Peltier (used prior to the use of CGs at the company) the practitioners identified attacks with low to medium risk level. CGs allowed practitioners to identify more serious risks (in the first iteration 1 serious threat, 5 high risk threats, and 11 medium threats). The need for tool support was identified very early, tool support allowed the practitioners to play through scenarios of which countermeasures to implement, and supported reuse. The results indicate that CGs support practitioners in identifying high risk security threats, work well in an agile software development context, and are cost-effective.

Place, publisher, year, edition, pages
Elsevier , 2013. Vol. 86, no 9, 2411-2428 p.
Keyword [en]
Countermeasure graphs, Risk analysis, Software security
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-6675DOI: 10.1016/j.jss.2013.04.023ISI: 000323870300017Local ID: oai:bth.se:forskinfoEA9523F0735CA7C0C1257B750045013COAI: oai:DiVA.org:bth-6675DiVA: diva2:834199
Available from: 2014-07-17 Created: 2013-05-24 Last updated: 2017-03-17Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text

Search in DiVA

By author/editor
Baca, DejanPetersen, Kai
By organisation
School of Computing
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 88 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf