Software security is an important quality aspect of a software system. Therefore, it is important to integrate software security touch points throughout the development life-cycle. So far, the focus of touch points in the early phases has been on the identification of threats and attacks. In this paper we propose a novel method focusing on the end product by prioritizing countermeasures. The method provides an extension to attack trees and a process for identification and prioritization of countermeasures. The approach has been applied to an open-source application, and the application showed that countermeasures could be identified. Furthermore, an analysis of the effectiveness and cost-efficiency of the countermeasures could be provided. © 2010 Springer-Verlag.
CITATION STYLE
Baca, D., & Petersen, K. (2010). Prioritizing countermeasures through the countermeasure method for software security (CM-Sec). In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6156 LNCS, pp. 176–190). https://doi.org/10.1007/978-3-642-13792-1_15