Countermeasure graphs for software security risk assessment: An action research
Journal of Systems and Software
Software security is an important quality aspect of a software system. Therefore, it is important to integrate software security touch points throughout the development life-cycle. So far, the focus of touch points in the early phases has been on the identification of threats and attacks. In this paper we propose a novel method that focuses on the end product by prioritizing countermeasures. The method provides an extension to attack trees and a process for the identification and prioritization of countermeasures. The approach has been applied to an open-source application and showed that countermeasures could be identified. Furthermore, an analysis of the effectiveness and cost-efficiency of the countermeasures could be provided.