Issue No. 03 - May/June (2007 vol. 5)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2007.56
Johan Peeters, Independent Consultant
Paul Dyson, e2x
The authors discuss what abuse cases bring to software development in terms of planning. They assume not that a fixed budget is assigned to security measures, but that budgetary constraints apply to the project as a whole. The authors believe it's reasonable, and often necessary, to trade functionality against security, so the question isn't how to prioritize security requirements but how to prioritize the development effort across both functional and security requirements.
use cases, abuse cases, software development, security
J. Peeters and P. Dyson, "Cost-Effective Security," in IEEE Security & Privacy, vol. 5, no. 3, pp. 85-87, 2007.