Industrial experiences with Misuse Cases

Abstract

The misuse case methodology is an approach for eliciting security requirements in software development projects. Misuse cases are an extension of the well-known use case methodology, and use the same basic types of diagrams and documentation forms. This thesis presents a study of the introduction and application of the misuse case methodology in a development team in the computer software industry. A qualitative research approach, with workshops and interviews has been applied to determine the usability and effectiveness of misuse cases. In addition, the practioners' perception of the method has been investigated, as this is believed to be an important factor for the adoption of the method in the team's engineering process. The results show that the method was easy to learn, easy to use and gave a good result compared to the time and resources used.