Appendix C. An Exercise in Risk Analysis: Smurfware[1]

The following simple study can give you a flavor of what it is like to do an architectural risk analysis (see Chapter 5). Even though this example is beyond contrived, working through it (especially if you follow the process described in this book) is an excellent pedagogical tool. Try doing this exercise with a group. Drink some wine. And don’t cheat!

SmurfWare SmurfScanner Risk Assessment Case Study

Instructions

This case study presents a real-world architecture and description of a software system. Please read through the description, look at the architecture diagram, and then answer the questions given. Thinking about how the system works (and how your understanding differs from someone else’s) ...

Get Software Security: Building Security In now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.