Abstract
AbstractMost Secure Development Software Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements. Most of the papers published in the requirements engineering community report on methods’evaluations that are conducted by the same researchers who have designed the methods.The goal of this paper is to investigate how successfull academic security requirements methods are when applied by someone different than the method designer. The paper reports on a medium scale qualitative study where master students in computer science and professionals have applied academic security requirements engineering methods to analyze the security risks of a specific application scenario. The study has allowed the identification of methods’ strenghts and limitations.KeywordsSecurity RequirementApplication ScenarioSecurity MethodProblem FrameMaster StudentThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
