Defining Misuse within the Development Process

2 Author(s)
Peterson, Gunnar ; Arctec Group, Minneapolis, MN ; Steven, John

The software development industry often brings in security at the eleventh hour, right before developers throw the code over the wall - that is, deploy it into production - and asks, "Well, is it secure?" At this point, hilarity - for the objective observers, anyhow - ensues as security personnel work feverishly to shove crypto, firewalls, and all the other mechanisms at their disposal into the most egregious risk areas. To combat this antipattern, the software security discipline has worked to instantiate itself closer to the beginning of the software development life cycle (SDLC). After signing off on a software project, use cases represent the earliest opportunity for involvement. Misuse cases prescribe one such way for security to involve itself in early brainstorming. That article outlined misuse cases as a way to help analysts characterize what misuses or abuses attackers could promulgate against a system. This article extends this outline to how to create useful misuse cases within the development process.

Published in:

Security & Privacy, IEEE (Volume: 4, Issue: 6)