Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis

J. Strüwer, R. Trentinaglia, B. Wohlers, E. Bodden, R. Dumitrescu, in: AHFE International, AHFE International, 2025.

Conference Paper | Published | English
Abstract
Assessing and communicating software security has become a crucial concern in the era of digital transformation. As software systems grow more complex and interconnected, it becomes increasingly challenging to effectively evaluate and communicate a product's security status to both technical and non-technical stakeholders. The Software Product Health Assistant (SPHA) is designed to automatically collect and aggregate data from existing expert tools and derive, among other scores, a transparent Security Score. SPHA is designed to present and explain this Security Score to decision-makers to support their responsibilities. In this paper, we demonstrate how to integrate data from SMARAGD (System Modeler for Architectural Risk Assessment and Guidance on Defenses), a safety-informed threat modeling tool, into SPHA to enhance the existing definition of its Security Score. To achieve this, we combine information about known vulnerabilities with architectural and threat data to calculate a realistic risk score for the product in question.
Publishing Year
2025
Proceedings Title
AHFE International
Volume
168

Cite this

Strüwer J, Trentinaglia R, Wohlers B, Bodden E, Dumitrescu R. Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis. In: AHFE International. Vol 168. AHFE International; 2025. doi:10.54941/ahfe1006145
Strüwer, J., Trentinaglia, R., Wohlers, B., Bodden, E., & Dumitrescu, R. (2025). Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis. AHFE International, 168. https://doi.org/10.54941/ahfe1006145
@inproceedings{Strüwer_Trentinaglia_Wohlers_Bodden_Dumitrescu_2025, title={Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis}, volume={168}, DOI={10.54941/ahfe1006145}, booktitle={AHFE International}, publisher={AHFE International}, author={Strüwer, Jan-niclas and Trentinaglia, Roman and Wohlers, Benedict and Bodden, Eric and Dumitrescu, Roman}, year={2025} }
Strüwer, Jan-niclas, Roman Trentinaglia, Benedict Wohlers, Eric Bodden, and Roman Dumitrescu. “Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis.” In AHFE International, Vol. 168. AHFE International, 2025. https://doi.org/10.54941/ahfe1006145.
J. Strüwer, R. Trentinaglia, B. Wohlers, E. Bodden, and R. Dumitrescu, “Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis,” in AHFE International, 2025, vol. 168, doi: 10.54941/ahfe1006145.
Strüwer, Jan-niclas, et al. “Assessing and Communicating Software Security: Enhancing Software Product Health with Architectural Threat Analysis.” AHFE International, vol. 168, AHFE International, 2025, doi:10.54941/ahfe1006145.
