Protection Poker Ease Points

1. Consider the following as some criteria for the candidates for hardest to attack:

· New functionality does not create any new pages or user input fields.

· New functionality reduces the current number of pages or user input fields.

· New functionality removes current vulnerabilities.

2. Consider the following as some criteria for the candidates for easiest to attack:

· New functionality adds new pages.

· New functionality adds new user input fields.

· New functionality may be used by many roles with significant read, write, and update authority.

· New functionality requires updating access control permissions for each actor in the system.

· New functionality provides default usernames and passwords when the product is shipped.

· New functionality does not enforce strong passwords.

· New functionality does not require passwords to be changed every three months.