Protection Poker Ease Points

 

 

1.       Consider the following as some criteria for the candidates for hardest to attack:

         New functionality does not create any new pages or user input fields.

         New functionality reduces the current number of pages or user input fields.

         New functionality removes current vulnerabilities.

2.       Consider the following as some criteria for the candidates to easiest to attack:

         New functionality adds new pages.

         New functionality adds new user input fields

         New functionality may be used by many roles with significant read, write, update authority.

         New functionality requires updating access control permissions for each actor in the system.

         New functionality provides default usernames and passwords when the product is shipped:

         New functionality does not enforce strong passwords.

         New functionality does not require passwords to be changed every three months.