Abstract
We have developed a domain-specific modeling language named CORAL that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper, we present CORAL and then discuss why the language is designed the way it is, and what we could have done differently.