Prioritizing security regression test cases using threat models

Abstract

When existing software is modified, regression testing provides an approach to gain confidence that no unexpected security vulnerabilities have been introduced. If faults or vulnerabilities were introduced by the change, it is beneficial to identify them as soon as possible. Prioritizing regression test cases by their risk exposure improves the likelihood that faults will be found early. This paper reviews regression test case prioritization methods and provides an example prioritization of security regression test cases based on a threat model.