Attack-defense trees (ADTs) are a prominent graphical threat modeling method that is highly recommended for analyzing and communicating security-related information. Despite this, existing empirical studies of attack trees have established their acceptability only for users with highly technical (computer science) backgrounds while raising questions about their suitability for threat modeling stakeholders with a limited technical background. Our research addresses this gap by investigating the impact of the users' technical background on ADT acceptability in an empirical study. Our Method Evaluation Model-based study consisted of n = 102 participants (53 with a strong computer science background and 49 with a limited computer science background) who were asked to complete a series of ADT-related tasks. By analyzing their responses and comparing the results, we reveal that a very limited technical background is sufficient for ADT acceptability. This finding underscores attack trees' viability as a threat modeling method.