Appendix C. An Exercise in Risk Analysis: Smurfware[1]

The following simple study can give you a flavor of what it is like to do an architectural risk analysis (see Chapter 5). Even though this example is beyond contrived, working through it (especially if you follow the process described in this book) is an excellent pedagogical tool. Try doing this exercise with a group. Drink some wine. And don’t cheat!

SmurfWare SmurfScanner Risk Assessment Case Study


This case study presents a real-world architecture and description of a software system. Please read through the description, look at the architecture diagram, and then answer the questions given. Thinking about how the system works (and how your understanding differs from someone else’s) ...

Get Software Security: Building Security In now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.