Abstract

Security of software systems is critical to business because the consequences of detected security flaws, such as the loss of sensitive information or damages, can decrease revenue significantly [8]. One reason for security problems is the lack of security awareness in software development. If software engineers are not aware of security concerns as early as requirements engineering, they cannot appropriately address them in their design decisions [4]. As a consequence, security requirements and the decisions derived from them for the design of a software system have to be identified and documented. The first challenge is to identify security-related aspects in natural language requirements, where they are often described implicitly. Our approach aims to make those aspects explicit through heuristics. The second challenge is to document design decisions based on the identified security concerns. Significant portions of the knowledge explaining decisions remain implicit during development, so that developing and maintaining the system becomes increasingly difficult over time [2]. To address this, our approach is intended to capture and document decisions and their rationale explicitly as a resource for future decision-making. In this paper, we present our tool-supported approach and how it is used in requirements engineering to document decisions.
