Should we add mitigation in words/sentences across each risk or show it in design (in class and sequence diagrams) ?
I saw in this forum that many people have put items as out of scope or put them in assumptions that are good to have and just concentrate on the given usecases.
For many security ristks we have to introduce many design
patterns which will increase the scope ...and ofcourse takes more time/effort. ..
For non functional part , (to improve performance, xxxlities etc ..) i guess we could cover that in the design and atleast mention how the design will cover achieve them ..
Any comments ?? Any one who have passed part 2 and 3 ...please respond ??
Thanks