Sciweavers

ESSOS
2009
Springer

Protection Poker: Structuring Software Security Risk Assessment and Knowledge Transfer

Discovery of security vulnerabilities is on the rise. As a result, software development teams must place a higher priority on preventing the injection of vulnerabilities in software as it is developed. Because the focus on software security has increased only recently, software development teams often do not have expertise in techniques for identifying security risk, understanding the impact of a vulnerability, or knowing the best mitigation strategy. We propose the Protection Poker activity as a collaborative and informal form of misuse case development and threat modeling that plays off the diversity of knowledge and perspective of the participants. An excellent outcome of Protection Poker is that security knowledge is passed around the team. Students in an advanced undergraduate software engineering course at North Carolina State University participated in a Protection Poker session conducted as a laboratory exercise. Students actively shared misuse cases, threat models, and their limi...
Laurie Williams, Michael Gegick, Andrew Meneely
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where ESSOS
Authors Laurie Williams, Michael Gegick, Andrew Meneely