Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis
Abstract
Assessing and communicating software security has become a crucial concern in the era of digital transformation. As software systems grow more complex and interconnected, it becomes increasingly challenging to effectively evaluate and communicate a product's security status to both technical and non-technical stakeholders. The Software Product Health Assistant (SPHA) is designed to automatically collect and aggregate data from existing expert tools and derive, among other scores, a transparent Security Score. SPHA is designed to present and explain this Security Score to decision-makers to support their responsibilities. In this paper, we demonstrate how to integrate data from SMARAGD (System Modeler for Architectural Risk Assessment and Guidance on Defenses), a safety-informed threat modeling tool, into SPHA to enhance the existing definition of its Security Score. To achieve this, we combine information about known vulnerabilities with architectural and threat data to calculate a realistic risk score for the product in question.
Keywords: Quantifying Cybersecurity Risk, Threat Modeling, Risk Assessment, Security Metrics
DOI: 10.54941/ahfe1006145
Cite this paper
More from this volume
- Human Factors and Strategic Approaches in Cybersecurity: Threats for Critical Infrastructures in NIS2 Dοmains
- Charting Trustworthiness: A Socio-Technical Perspective on AI and Human Factors
- Exploring How College Students’ Mental Models of Cybersecurity Threats Predict Cyber Knowledge and Hygiene
- Leveraging Complex Access Scenarios (CAS) to Bridge Human-Centered HCI
- Towards Scalable Solutions of Operational Technology Cybersecurity in Smart Energy Networks
- Threats and Security Strategies for IoMT Infusion Pumps
- Analysis of Large Language and Instance-Based Learning Models in Mimicking Human Cyber-Attack Strategies in HackIT Simulator
- Resolving Conflicts Between PSIRT and Safety Teams: A Collaborative Approach
- Next Generation BCM solution
- Investigating Human Factors Engineering Integration in ATC Cybersecurity Resilience


AHFE Open Access