Threat analysis of software systems: A systematic literature review

Publikationstyp
Review Article
Date Issued
2018-10
Sprache
English
Author(s)
Tuma, Katja  
Calikli, G.  
Scandariato, Riccardo  
TORE-URI
http://hdl.handle.net/11420/10133
Journal
The journal of systems and software  
Start Page
275
End Page
294
Citation
Journal of Systems and Software 144: 275-294 (2018-10)
Publisher DOI
10.1016/j.jss.2018.06.073
Scopus ID
2-s2.0-85049335581
Architectural threat analysis has become an important cornerstone for organizations concerned with developing secure software. Due to the large number of existing techniques it is becoming more challenging for practitioners to select an appropriate threat analysis technique. Therefore, we conducted a systematic literature review (SLR) of the existing techniques for threat analysis. In our study we compare 26 methodologies for what concerns their applicability, characteristics of the required input for analysis, characteristics of analysis procedure, characteristics of analysis outcomes and ease of adoption. We also provide insight into the obstacles for adopting the existing approaches and discuss the current state of their adoption in software engineering trends (e.g. Agile, DevOps, etc.). As a summary of our findings we have observed that: the analysis procedure is not precisely defined, there is a lack of quality assurance of analysis outcomes and tool support and validation are limited.
Subjects
Risk assessment
Security-by-design
Software systems
Systematic literature review (SLR)
Threat analysis (modeling)