Empirical validation of security methods

K. Labunets, F. Massacci

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Copyright © by the paper's authors. Security requirements engineering is an important part of many software projects. Practitioners consider security requirements from the early stages of software development processes, but most of them do not use any formal method for security requirements engineering. According to a recent survey, only about 9% of security practitioners implement a formal process of elicitation and analysis of security requirements and risks. However, a number of methods have been recently proposed in academia to support practitioners in collecting and analysing security requirements. Unfortunately, these methods are not widely adopted in practice because there is a lack of empirical evidence that they work. Only a few papers in requirements engineering have solid empirical evidence of the efficiency of the proposed solutions. So how can we know that security methods work in practice? In this paper we propose to conduct a series of empirical studies to build a basis that a) will provide security practitioners with guidelines for the selection of security requirements methods, and b) will help method designers understand how to improve their methods.
Original language: English
Title of host publication: Proceedings of the Doctoral Symposium at the International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
Editors: M. Heisel, E. Marchetti
Publisher: CEUR-WS
Pages: 55-61
Publication status: Published - 2013
Externally published: Yes
Event: International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013 - Rocquencort, Paris, France
Duration: 27 Feb 2013 - 1 Mar 2013

Publication series

Name: CEUR Workshop Proceedings
ISSN (Print): 1613-0073

Conference

Conference: International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
Country: France
City: Rocquencort, Paris
Period: 27/02/13 - 1/03/13
