Sciweavers

Share
ICSE
2007
IEEE-ACM

Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems

11 years 11 months ago
Stakeholder Value Driven Threat Modeling for Off the Shelf Based Systems
er abstract summarizes the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies and prioritizes security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems. Compared to existing approaches, T-MAP is dynamic and sensitive to system stakeholder value priorities and IT environment. It distills the technical details of thousands of relevant software vulnerabilities into management-friendly numbers at a high-level. In its initial usage in a large IT organization, T-MAP has demonstrated significant strength in COTS vulnerability prioritizing and estimating security investment effectiveness, as well as COTS security assessment in early project life-cycle. Furthermore, a software tool has been developed to automate the T-MAP.
Yue Chen
Added 09 Dec 2009
Updated 09 Dec 2009
Type Conference
Year 2007
Where ICSE
Authors Yue Chen
Comments (0)
books