Benefits of constructing misuse cases:
- It helps the designer, architect, and the developer think beyond just “building” the software – they are forced to think of breaking it and safeguarding it from threats
- It lists out scenarios of misuse and hacks and helps the team be aware of most, if not all, of the potential threats
- Building a software application with misuse cases in consideration makes it more defensive, mature, and inherently secure
- The misuse cases give a real-world view of potential vulnerabilities in the system, arising from both accidental misuse and deliberate malicious attacks

Drawbacks of constructing misuse cases:
- Misuse cases are granular in scope: they offer limited security at a low, micro level and cannot cover the larger picture
- Constructing misuse cases can be a long-drawn-out and expensive process
- Misuse cases can get complex and highly specific, with a very low probability of occurrence and a high cost of implementation
- The list of misuse cases can get overwhelming and can distract and take away focus from the constructive use cases
- A misuse case list in the wrong hands (especially when not all of them have been protected against) can be a blueprint for hacking into the system