Publication Type
Conference Proceedings
Author, Analytic
Busby-Earle, Curtis C.; Mugisa, Ezra K.
Author Role
n/a
Author Affiliation
n/a
Paper/Section Title
Towards Writing Secure Software Requirements.
Medium Designator
n/a
Connective Phrase
n/a
Editor/Compiler
Breu, R.
Editor/Compiler Role
n/a
Proceedings Title
Proceedings of the IASTED International Conference SOFTWARE ENGINEERING.
Date of Meeting
February 17-19, 2009.
Place of Meeting
Innsbruck, Austria.
Place of Publication
n/a
Publisher Name
n/a
Date of Publication
2009
Date of Copyright
n/a
Volume ID
n/a
Location in Work
n/a
Extent of Work
n/a
Packaging Method
n/a
Series Editor
n/a
Series Editor Role
n/a
Series Title
n/a
Series Volume ID
n/a
Location/URL
n/a
ISBN
n/a
Notes
n/a
Abstract
The role of the requirements engineer (RE) is usually that of a technical generalist, and therefore expertise in disciplines other than requirements engineering, such as software security, is not expected. However, many of the methods and techniques used for the elicitation and development of software security requirements are heavily reliant on security expertise, are threat-based and subjective. We present the first elements in the development of a tool to be used by REs to write secure software requirements. We created a prototype whose purpose is to identify potential security concerns based on an analysis of derived requirements using a format we developed. It illustrates how our format was used to identify extant security concerns in an application, solely from its requirements document. In so doing we also demonstrate that our identification process is amenable to automation.