Software Security: Building Security In

Appendix C. An Exercise in Risk Analysis: Smurfware^[1]

^[1] This exercise was developed by Michal Propieszalski and has been used at Cigital to teach architectural risk analysis for several years.

The following simple study can give you a flavor of what it is like to do an architectural risk analysis (see Chapter 5). Even though this example is beyond contrived, working through it (especially if you follow the process described in this book) is an excellent pedagogical tool. Try doing this exercise with a group. Drink some wine. And don't cheat!