August 2018
594 pages
Once threats have been identified and categorized, we can prioritize them based on their potential impact on the software system, the likelihood that they may occur, and the ease with which they can be exploited. These qualities can be used to give a qualitative ranking (for example, High, Medium, and Low) to prioritize threats.
Another approach to prioritizing threats is to utilize a threat-risk ranking model. The DREAD risk assessment model is one example of this type of ranking model.
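The following is an added example, not code from the book, showing how a DREAD-style score can drive the High/Medium/Low ranking described above. DREAD rates each threat on Damage, Reproducibility, Exploitability, Affected users, and Discoverability; the 1 to 3 rating scale, the score bands, and the sample threats are assumptions made for this illustration.

```python
from dataclasses import dataclass

# DREAD categories; each is rated 1 (low) to 3 (high) here (assumed scale).
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")

# Assumed bands for the summed score, which ranges from 5 to 15.
BANDS = ((12, "High"), (8, "Medium"), (5, "Low"))


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject ratings outside the scale so one typo cannot skew the ranking.
        for cat in CATEGORIES:
            value = getattr(self, cat)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 3:
                raise ValueError(f"{self.name}: {cat} must be an integer 1..3, got {value!r}")

    @property
    def score(self) -> int:
        return sum(getattr(self, cat) for cat in CATEGORIES)

    @property
    def rank(self) -> str:
        return next(label for floor, label in BANDS if self.score >= floor)


def prioritize(threats):
    """Order threats highest risk first; ties broken by damage, then name."""
    return sorted(threats, key=lambda t: (-t.score, -t.damage, t.name))


# Constructed sample threats for a hypothetical web application.
SAMPLE = [
    Threat("Verbose error pages leak stack traces", 1, 3, 1, 1, 3),
    Threat("SQL injection in search form", 3, 3, 3, 3, 2),
    Threat("Session token sent over plain HTTP", 3, 2, 2, 2, 2),
    Threat("Admin audit log can be truncated", 2, 1, 1, 1, 1),
]

if __name__ == "__main__":
    for t in prioritize(SAMPLE):
        print(f"{t.rank:<6} {t.score:>2}  {t.name}")
```

Two threats can land in the same band with different scores, so the numeric score is kept alongside the qualitative label to order work within a band.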