- search hit 1 of 1
"Open Weakness and Vulnerability Modeler" (OVVL) – An Updated Approach to Threat Modeling
- The development of secure software systems is of ever-increasing importance. While software companies often invest large amounts of resources into the upkeeping and general security properties of large-scale applications when in production, they appear to neglect utilizing threat modeling in the earlier stages of the software development lifecycle. When applied during the design phase ofThe development of secure software systems is of ever-increasing importance. While software companies often invest large amounts of resources into the upkeeping and general security properties of large-scale applications when in production, they appear to neglect utilizing threat modeling in the earlier stages of the software development lifecycle. When applied during the design phase of development, and continuously throughout development iterations, threat modeling can help to establish a "Secure by Design" approach. This approach allows issues relating to IT security to be found early during development, reducing the need for later improvement – and thus saving resources in the long term. In this paper the current state of threat modeling is investigated. This investigation drove the derivation of requirements for the development of a new threat modelling framework and tool, called OVVL. OVVL utilizes concepts of established threat modeling methodologies, as well as functionality not available in existing solutions.…
Document Type: | Conference Proceeding |
---|---|
Conference Type: | Konferenzartikel |
Zitierlink: | https://opus.hs-offenburg.de/3683 | Bibliografische Angaben |
Title (English): | "Open Weakness and Vulnerability Modeler" (OVVL) – An Updated Approach to Threat Modeling |
Conference: | 16th International Joint Conference on e-Business and Telecommunications (ICETE 2019), July 26-28, 2019, Prague, Czech Republic |
Author: | Andreas SchaadStaff MemberGND, Tobias Reski |
Year of Publication: | 2019 |
Page Number: | 8 |
First Page: | 417 |
Last Page: | 424 |
Parent Title (English): | Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, Prague, Czech Republic - Volume 2: SECRYPT |
Volume: | 2 |
ISBN: | 978-989-758-378-0 |
DOI: | https://doi.org/10.5220/0007919004170424 |
Language: | English | Inhaltliche Informationen |
Institutes: | Forschung / CRT - Campus Research & Transfer |
Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) | |
Institutes: | Bibliografie |
Tag: | Risk Assessment; Security Engineering; Software Security; Threat Modeling | Formale Angaben |
Open Access: | Closed Access |
Licence (German): | Creative Commons - CC BY-NC-ND - Namensnennung - Nicht kommerziell - Keine Bearbeitungen 4.0 International |