Quality needs structure: Industrial experiences in systematically defining software security requirements

Christian Fruehwirth, Richard Mordinyi

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

    Abstract

    Successful, quality software projects need to be able to rely on a sufficient level of security in order to manage the technical, legal and business risks that arise from distributed development. The definition of a 'sufficient' level of security, however, is typically captured only in implicit requirements that are rarely gathered in a methodological way. Such an unstructured approach makes the work of quality managers incredibly difficult and often forces developers to operate, unwillingly, in an unclear or undefined security state throughout the project. Ideally, security requirements are elicited in a methodological manner that enables structured storage, retrieval and checking of requirements. In this paper we report on the experiences of applying a structured requirements elicitation method and list a set of gathered reference security requirements. The reported experiences were gathered in an industrial setting using the open source platform OpenCIT in cooperation with industry partners. The output of this work enables security- and quality-conscious stakeholders in a software project to draw from our experiences and evaluate against a reference baseline.

    Original language: English
    Title of host publication: Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings
    Publisher: Springer Verlag
    Pages: 217-229
    Number of pages: 13
    Volume: 94 LNBIP
    ISBN (Print): 9783642272127
    DOIs
    Publication status: Published - 2012
    MoE publication type: A4 Article in a conference publication
    Event: International Conference on Software Quality Days - Vienna, Austria
    Duration: 17 Jan 2012 to 19 Jan 2012
    Conference number: 4

    Publication series

    Name: Lecture Notes in Business Information Processing
    Volume: 94 LNBIP
    ISSN (Print): 1865-1348

    Conference

    Conference: International Conference on Software Quality Days
    Abbreviated title: SWQD
    Country: Austria
    City: Vienna
    Period: 17/01/2012 to 19/01/2012

    Keywords

    • Distributed Software Engineering
    • Security Requirements
