Most Secure Development Software Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements. Most of the papers published in the requirements engineering community report on methods’ evaluations that are conducted by the same researchers who have designed the methods. The goal of this paper is to investigate how successful academic security requirements methods are when applied by someone different than the method designer. The paper reports on a medium scale qualitative study where master students in computer science and professionals have applied academic security requirements engineering methods to analyze the security risks of a specific application scenario. The study has allowed the identification of methods’ strengths and limitations.
Title: | How to Select a Security Requirements Method? A Comparative Study with Students and Practitioners |
Authors: | Massacci, Fabio; Paci, Federica |
Unitn authors: | |
Title of the volume containing the paper: | Secure IT Systems |
Place of publication: | Berlin |
Publisher: | Springer Berlin/Heidelberg |
Year of publication: | 2012 |
Scopus identifier: | 2-s2.0-84868373023 |
ISBN: | 9783642342103 |
Handle: | http://hdl.handle.net/11572/96583 |
Appears in types: | 04.1 Paper in proceedings |