Title: A descriptive study of Microsoft's threat modeling technique
Authors: Scandariato, Riccardo ×
Wuyts, Kim
Joosen, Wouter #
Issue Date: Dec-2013
Publisher: Springer-Verlag
Series Title: Requirements Engineering, pages: 1-18
Article number: 10.1007/s00766-013-0195-2
Abstract: Microsoft's STRIDE is a popular threat modeling technique commonly used to discover the security weaknesses of a software system. Despite its successful adoption, to date no empirical study has been carried out to quantify its cost and effectiveness. The contribution of this paper is the evaluation of STRIDE via a descriptive study that involved 57 students in their last master year in computer science.
The study addresses three research questions. First, it assesses how many valid threats per hour are produced on average. Second, it evaluates the correctness of the analysis results by looking at the average number of false positives, i.e., the incorrect threats. Finally, it determines the completeness of the analysis results by looking at the average number of false negatives, i.e., the overlooked threats.
ISSN: 0947-3602
Publication status: published
KU Leuven publication type: IT
Appears in Collections: Informatics Section
× corresponding author
# (joint) last author

Files in This Item:
File: rej-stride.pdf
Status: Submitted
Size: 559Kb
Format: Adobe PDF

