search menu icon-carat-right cmu-wordmark

An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods

White Paper
In this paper, the authors provide background information on penetration testing processes and practices.

Software Engineering Institute


This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions.