CINECA IRIS Institutional Research Information System
IRIS è l'Anagrafe della ricerca dell'Università degli Studi di Trento, e ha lo scopo di raccogliere, documentare, diffondere e conservare le informazioni relative alla produzione scientifica degli autori afferenti all'Università degli Studi di Trento.
EnglishMost Secure Development Software Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements. Most of the papers published in the requirements engineering community report on methods’evaluations that are conducted by the same researchers who have designed the methods. The goal of this paper is to investigate how successfull academic security requirements methods are when applied by someone different than the method designer. The paper reports on a medium scale qualitative study where master students in computer science and professionals have applied academic security requirements engineering methods to analyze the security risks of a specific application scenario. The study has allowed the identification of methods’ strenghts and limitations.
| Titolo: | How to Select a Security Requirements Method? A Comparative Study with Students and Practitioners |
| Autori Unitn: | |
| Anno di pubblicazione: | 2012 |
| Abstract: | Most Secure Development Software Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements. Most of the papers published in the requirements engineering community report on methods’evaluations that are conducted by the same researchers who have designed the methods. The goal of this paper is to investigate how successfull academic security requirements methods are when applied by someone different than the method designer. The paper reports on a medium scale qualitative study where master students in computer science and professionals have applied academic security requirements engineering methods to analyze the security risks of a specific application scenario. The study has allowed the identification of methods’ strenghts and limitations. |
| Handle: | http://hdl.handle.net/11572/96583 |
| ISBN: | 9783642342103 |
| Appare nelle tipologie: | 04.1 Saggio in atti di convegno (Paper in proceedings) |
File in questo prodotto:
Copyright © 2018