Quality needs structure: Industrial experiences in systematically defining software security requirements

Christian Fruehwirth; Richard Mordinyi

doi:10.1007/978-3-642-27213-4_15

Quality needs structure: Industrial experiences in systematically defining software security requirements

Christian Fruehwirth
, Richard Mordinyi

Institute of Telecommunications

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

Abstrakti

Successful, quality software projects need to be able to rely on a sufficient level of security in order to manage the technical, legal and business risks that arise from distributed development. The definition of a 'sufficient' level of security however, is typically only captured in implicit requirements that are rarely gathered in a methodological way. Such an unstructured approach makes the work of quality managers incredibly difficult and often forces developers to unwillingly operate in an unclear/undefined security state throughout the project. Ideally, security requirements are elicited in methodological manner enabling a structured storage, retrieval, or checking of requirements. In this paper we report on the experiences of applying a structured requirements elicitation method and list a set of gathered reference security requirements. The reported experiences were gathered in an industrial setting using the open source platform OpenCIT in cooperation with industry partners. The output of this work enables security and quality conscious stakeholders in a software project to draw from our experiences and evaluate against a reference base line.

Alkuperäiskieli	Englanti
Otsikko	Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings
Kustantaja	Springer
Sivut	217-229
Sivumäärä	13
Vuosikerta	94 LNBIP
ISBN (painettu)	9783642272127
DOI - pysyväislinkit	https://doi.org/10.1007/978-3-642-27213-4_15
Tila	Julkaistu - 2012
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	International Conference on Software Quality Days - Vienna, Itävalta Kesto: 17 tammik. 2012 → 19 tammik. 2012 Konferenssinumero: 4

Julkaisusarja

Nimi	Lecture Notes in Business Information Processing
Vuosikerta	94 LNBIP
ISSN (painettu)	18651348

Conference

Conference	International Conference on Software Quality Days
Lyhennettä	SWQD
Maa/Alue	Itävalta
Kaupunki	Vienna
Ajanjakso	17/01/2012 → 19/01/2012

Pääsy asiakirjaan

10.1007/978-3-642-27213-4_15

Muut tiedostot ja linkit

Link to publication in Scopus

Siteeraa tätä

Fruehwirth, C., & Mordinyi, R. (2012). Quality needs structure: Industrial experiences in systematically defining software security requirements. teoksessa Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings (Vuosikerta 94 LNBIP, Sivut 217-229). (Lecture Notes in Business Information Processing; Vuosikerta 94 LNBIP). Springer. https://doi.org/10.1007/978-3-642-27213-4_15

Fruehwirth, Christian ; Mordinyi, Richard. / Quality needs structure : Industrial experiences in systematically defining software security requirements. Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings. Vuosikerta 94 LNBIP Springer, 2012. Sivut 217-229 (Lecture Notes in Business Information Processing).

@inproceedings{3fc70340a06d42afbf91f25f6d6a49d5,

title = "Quality needs structure: Industrial experiences in systematically defining software security requirements",

abstract = "Successful, quality software projects need to be able to rely on a sufficient level of security in order to manage the technical, legal and business risks that arise from distributed development. The definition of a 'sufficient' level of security however, is typically only captured in implicit requirements that are rarely gathered in a methodological way. Such an unstructured approach makes the work of quality managers incredibly difficult and often forces developers to unwillingly operate in an unclear/undefined security state throughout the project. Ideally, security requirements are elicited in methodological manner enabling a structured storage, retrieval, or checking of requirements. In this paper we report on the experiences of applying a structured requirements elicitation method and list a set of gathered reference security requirements. The reported experiences were gathered in an industrial setting using the open source platform OpenCIT in cooperation with industry partners. The output of this work enables security and quality conscious stakeholders in a software project to draw from our experiences and evaluate against a reference base line.",

keywords = "Distributed Software Engineering, Security Requirements",

author = "Christian Fruehwirth and Richard Mordinyi",

year = "2012",

doi = "10.1007/978-3-642-27213-4\_15",

language = "English",

isbn = "9783642272127",

volume = "94 LNBIP",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer",

pages = "217--229",

booktitle = "Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings",

address = "Germany",

note = "International Conference on Software Quality Days, SWQD ; Conference date: 17-01-2012 Through 19-01-2012",

}

Fruehwirth, C & Mordinyi, R 2012, Quality needs structure: Industrial experiences in systematically defining software security requirements. julkaisussa Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings. Vuosikerta 94 LNBIP, Lecture Notes in Business Information Processing, Vuosikerta 94 LNBIP, Springer, Sivut 217-229, International Conference on Software Quality Days, Vienna, Itävalta, 17/01/2012. https://doi.org/10.1007/978-3-642-27213-4_15

Quality needs structure: Industrial experiences in systematically defining software security requirements. / Fruehwirth, Christian; Mordinyi, Richard.
Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings. Vuosikerta 94 LNBIP Springer, 2012. s. 217-229 (Lecture Notes in Business Information Processing; Vuosikerta 94 LNBIP).

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference article in proceedings › Scientific › vertaisarvioitu

TY - GEN

T1 - Quality needs structure

T2 - International Conference on Software Quality Days

AU - Fruehwirth, Christian

AU - Mordinyi, Richard

N1 - Conference code: 4

PY - 2012

Y1 - 2012

N2 - Successful, quality software projects need to be able to rely on a sufficient level of security in order to manage the technical, legal and business risks that arise from distributed development. The definition of a 'sufficient' level of security however, is typically only captured in implicit requirements that are rarely gathered in a methodological way. Such an unstructured approach makes the work of quality managers incredibly difficult and often forces developers to unwillingly operate in an unclear/undefined security state throughout the project. Ideally, security requirements are elicited in methodological manner enabling a structured storage, retrieval, or checking of requirements. In this paper we report on the experiences of applying a structured requirements elicitation method and list a set of gathered reference security requirements. The reported experiences were gathered in an industrial setting using the open source platform OpenCIT in cooperation with industry partners. The output of this work enables security and quality conscious stakeholders in a software project to draw from our experiences and evaluate against a reference base line.

AB - Successful, quality software projects need to be able to rely on a sufficient level of security in order to manage the technical, legal and business risks that arise from distributed development. The definition of a 'sufficient' level of security however, is typically only captured in implicit requirements that are rarely gathered in a methodological way. Such an unstructured approach makes the work of quality managers incredibly difficult and often forces developers to unwillingly operate in an unclear/undefined security state throughout the project. Ideally, security requirements are elicited in methodological manner enabling a structured storage, retrieval, or checking of requirements. In this paper we report on the experiences of applying a structured requirements elicitation method and list a set of gathered reference security requirements. The reported experiences were gathered in an industrial setting using the open source platform OpenCIT in cooperation with industry partners. The output of this work enables security and quality conscious stakeholders in a software project to draw from our experiences and evaluate against a reference base line.

KW - Distributed Software Engineering

KW - Security Requirements

UR - https://www.scopus.com/pages/publications/84855929678

U2 - 10.1007/978-3-642-27213-4_15

DO - 10.1007/978-3-642-27213-4_15

M3 - Conference article in proceedings

AN - SCOPUS:84855929678

SN - 9783642272127

VL - 94 LNBIP

T3 - Lecture Notes in Business Information Processing

SP - 217

EP - 229

BT - Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings

PB - Springer

Y2 - 17 January 2012 through 19 January 2012

ER -

Fruehwirth C, Mordinyi R. Quality needs structure: Industrial experiences in systematically defining software security requirements. julkaisussa Software Quality: Process Automation in Software Development - 4th International Conference, SWQD 2012, Proceedings. Vuosikerta 94 LNBIP. Springer. 2012. s. 217-229. (Lecture Notes in Business Information Processing). doi: 10.1007/978-3-642-27213-4_15

Quality needs structure: Industrial experiences in systematically defining software security requirements

Abstrakti

Julkaisusarja

Conference

Pääsy asiakirjaan

Muut tiedostot ja linkit

Sormenjälki

Siteeraa tätä