This repository contains and explains all assumptions made during the expert interviews.
- The file attacker_skill_assumptions.md explains the meaning of all attacker skills and their levels, as elaborated with the interviewed security experts.
- The file implementation_strength_assumptions.md explains the meaning of the attributes' implementation strengths and their levels, as elaborated with the interviewed security experts.
- The file general_feasibility_levels.md lists the interview results for all attribute-attacker skill combinations
- The .py files contain the scripts used to determine the attribute risk levels
The medium levels of attacker skills and implementation strengths were used to determine the general feasibility levels for all attributes, which can be found in the paper. Assuming medium levels for the attacker skills and implementation strength, the general feasibility level for each attribute and attacker skill was determined by the interviewed security experts based on their personal experience in the area of penetration testing. The general feasibility level represents how feasible it is that the respective attribute can be compromised with the respective attacker skill.