Inger Anne Tøndel
Publications and areas of responsibility
Towards a Conceptual Framework for Security Requirements Work in Agile Software Development
The Security Intention Meeting Series as a way to increase visibility of software security decisions in agile development projects
To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evid...
Collaborative security risk estimation in agile software development
Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated ...
Understanding Challenges to Adoption of the Protection Poker Software Security Game
Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on chall...
Threat Modeling in Modern Software Development
Threat modeling is a way to get an overview of possible attacks against your systems. The advantages of threat modeling include tackling security problems early, improved risk assessments, and more effective security testing. There will always be limited resources available for security, and threat ...
A Secure MANET Routing Protocol for Crisis Situations
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Security Incident Information Exchange for Cloud Service Provisioning Chains
Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, w...
Understanding challenges to adoption of the Microsoft Elevation of Privilege game
The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform for developers. Microsoft has tried to lower the bar through creating a thre...