Issue No.03 - May/June (2007 vol.5)
Johan Peeters, Independent Consultant
Paul Dyson, e2x
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.56
The authors discuss what abuse cases bring to software development in terms of planning. They assume not that a fixed budget is assigned to security measures, but that budgetary constraints apply to the project as a whole. The authors believe it's reasonable, and often necessary, to trade functionality against security, so the question isn't how to prioritize security requirements but how to prioritize the development effort across both functional and security requirements.
use cases, abuse cases, software development, security
Johan Peeters, Paul Dyson, "Cost-Effective Security", IEEE Security & Privacy, vol. 5, no. 3, pp. 85-87, May/June 2007, doi:10.1109/MSP.2007.56