Most Secure Development Software Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements. Most of the papers published in the requirements engineering community report on evaluations of methods that are conducted by the same researchers who designed the methods. The goal of this paper is to investigate how successful academic security requirements methods are when applied by someone other than the method designer. The paper reports on a medium-scale qualitative study in which master's students in computer science and professionals applied academic security requirements engineering methods to analyze the security risks of a specific application scenario. The study has allowed the identification of the methods' strengths and limitations.