Constructing Misuse Cases: Benefits and Drawbacks


Benefits of constructing misuse cases:

  • It helps the designer, architect, and the developer think beyond just “building” the software – they are forced to think of breaking it and safeguarding it from threats
  • It lists scenarios of misuse and hacks and helps the team be aware of most, if not all, of the potential threats
  • Building a software application with misuse cases taken into consideration makes it more defensive, mature, and inherently secure
  • The misuse cases give a real-world view of potential vulnerabilities in the system – both by accidental misuse and deliberate malicious attacks

Drawbacks of constructing misuse cases:

  • Misuse cases are granular in scope: they offer limited security at a low-end, micro level and cannot cover the larger picture
  • Constructing misuse cases can be a long-drawn-out and expensive process
  • Misuse cases can get complex and highly specific, with a very low probability of occurrence and a high cost of implementation
  • The list of misuse cases can become overwhelming and can distract from the constructive use cases
  • A misuse case list in the wrong hands (especially when not all of them have been protected against) can be a blueprint for hacking into the system