Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec)
Blekinge Institute of Technology, School of Computing
2010 (English)
Conference paper (Refereed), Published
Software security is an important quality aspect of a software system. Therefore, it is important to integrate software security touch points throughout the development life-cycle. So far, the focus of touch points in the early phases has been on the identification of threats and attacks. In this paper we propose a novel method focusing on the end product by prioritizing countermeasures. The method provides an extension to attack trees and a process for identification and prioritization of countermeasures. The approach has been applied to an open-source application, and the application showed that countermeasures could be identified. Furthermore, an analysis of the effectiveness and cost-efficiency of the countermeasures could be provided.
Place, publisher, year, edition, pages: Limerick: Springer, 2010.
Keywords: software security, vulnerabilities, attack trees, countermeasures
Identifiers
URN: urn:nbn:se:bth-7793
ISI: 000286415300015
Local ID: oai:bth.se:forskinfoECE853A029D3AECEC125774C0038EA76
ISBN: 978-3-642-13791-4
OAI: oai:DiVA.org:bth-7793
DiVA: diva2:835455
11th International Conference on Product-Focused Software Process Improvement, PROFES 2010
Published in Springer Lecture Notes in Computer Science
2012-09-18, 2010-06-24, 2015-06-30
Bibliographically approved