Protection Poker Ease Points
1. Consider the following as some criteria for the candidates for hardest to attack:
· New functionality does not create any new pages or user input fields.
· New functionality reduces the current number of pages or user input fields.
· New functionality removes current vulnerabilities.
2. Consider the following as some criteria for the candidates to easiest to attack:
· New functionality adds new pages.
· New functionality adds new user input fields
· New functionality may be used by many roles with significant read, write, update authority.
· New functionality requires updating access control permissions for each actor in the system.
· New functionality provides default usernames and passwords when the product is shipped:
· New functionality does not enforce strong passwords.
· New functionality does not require passwords to be changed every three months.