Open source vs. closed source software: towards measuring security
Proceedings of the 2009 ACM symposium on Applied Computing
Improving CVSS-based vulnerability prioritization and response with context information
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
A stochastic model of attack process for the evaluation of security metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
Threat modeling of a mobile device management system for secure smart work
Electronic Commerce Research
This paper presents a quantitative threat modeling method, the Threat Modeling method based on Attack Path Analysis (T-MAP), which quantifies security threats by calculating the total severity weights of relevant Attack Paths for Commercial Off The Shelf (COTS) systems. Compared to existing approaches, T-MAP is sensitive to an organization's business value priorities and IT environment. It distills the technical details of thousands of relevant software vulnerabilities into management-friendly numbers at a high level. T-MAP can help system designers evaluate the security performance of COTS systems and analyze the effectiveness of security practices. In the case study, we demonstrate the steps of using T-MAP to analyze the cost-effectiveness of how system patching and upgrades can improve security. In addition, we introduce a software tool that automates T-MAP.