Empirical validation of security methods

K. Labunets, F. Massacci

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review


Copyright © by the paper's authors.

Security requirements engineering is an important part of many software projects. Practitioners consider security requirements from the early stages of software development processes, but most of them do not use any formal method for security requirements engineering. According to a recent survey, only about 9% of security practitioners implement a formal process of elicitation and analysis of security requirements and risks. However, a number of methods have recently been proposed in academia to support practitioners in collecting and analysing security requirements. Unfortunately, these methods are not widely adopted in practice because there is a lack of empirical evidence that they work. Only a few papers in requirements engineering have solid empirical evidence of the efficiency of the proposed solutions. So how can we know that security methods work in practice? In this paper we propose to conduct a series of empirical studies to build a basis that a) will provide security practitioners with guidelines for the selection of security requirements methods, and b) will help method designers understand how to improve their methods.
Original language: English
Title of host publication: Proceedings of the Doctoral Symposium at the International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
Editors: M. Heisel, E. Marchetti
Publication status: Published - 2013
Externally published: Yes
Event: International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013 - Rocquencourt, Paris, France
Duration: 27 Feb 2013 to 1 Mar 2013

Publication series

Name: CEUR Workshop Proceedings
ISSN (Print): 1613-0073


Conference: International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
City: Rocquencourt, Paris

