ACM SIGSOFT Software Engineering Notes
Traditionally, security requirements have been derived in an ad hoc manner. Recently, commercial software development organizations have been looking for ways to produce effective security requirements. In this paper, we show how to build security requirements in a structured manner that is conducive to iterative refinement and, if followed properly, metrics for evaluation. While requirements specification cannot be a complete science, we provide a framework that is an obvious improvement over traditional methods that do not consider security at all. We provide an example using a simple three-tiered architecture. The methodology we document is a subset of CLASP, a set of process pieces for application security that we have recently published, in conjunction with IBM/Rational.