The authors discuss what abuse cases bring to software development in terms of planning. They don't assume a fixed budget is assigned to security measures but that budgetary constraints apply to the project as a whole. The authors believe it's reasonable, and often necessary, to trade functionality against security, so the question isn't how to prioritize security requirements but how to prioritize the development effort across both functional and security requirements.