A replication of a controlled experiment with two STRIDE variants

08/02/2022
by Winnie Mbaka, et al.

To avoid costly security patching after software deployment, organizations adopt security-by-design techniques (e.g., STRIDE threat analysis) to root out security issues before the system is ever implemented. Despite the global gap in the cybersecurity workforce and the high manual effort required for performing threat analysis, organizations are ramping up threat analysis activities. However, past experimental results were inconclusive regarding some performance indicators of threat analysis techniques, so practitioners have little evidence for choosing which technique to adopt. To address this issue, we replicated a controlled experiment with STRIDE. Our study aimed to measure and compare the performance indicators (productivity and precision) of two STRIDE variants (element and interaction). We conclude the paper by comparing our results to the original study.


