TY - GEN
T1 - Empirical validation of security methods
AU - Labunets, K.
AU - Massacci, F.
PY - 2013
Y1 - 2013
N2 - Copyright © by the paper's authors. Security requirements engineering is an important part of many software projects. Practitioners consider security requirements from the early stages of software development processes, but most of them do not use any formal method for security requirements engineering. According to a recent survey, only about 9% of security practitioners implement a formal process of elicitation and analysis of security requirements and risks. However, a number of methods have recently been proposed in academia to support practitioners in collecting and analysing security requirements. Unfortunately, these methods are not widely adopted in practice because there is a lack of empirical evidence that they work. Only a few papers in requirements engineering have solid empirical evidence of the efficiency of the proposed solutions. So how can we know that security methods work in practice? In this paper we propose to conduct a series of empirical studies to build a basis that a) will provide security practitioners with guidelines for the selection of security requirements methods, and b) will help method designers understand how to improve their methods.
AB - Copyright © by the paper's authors. Security requirements engineering is an important part of many software projects. Practitioners consider security requirements from the early stages of software development processes, but most of them do not use any formal method for security requirements engineering. According to a recent survey, only about 9% of security practitioners implement a formal process of elicitation and analysis of security requirements and risks. However, a number of methods have recently been proposed in academia to support practitioners in collecting and analysing security requirements. Unfortunately, these methods are not widely adopted in practice because there is a lack of empirical evidence that they work. Only a few papers in requirements engineering have solid empirical evidence of the efficiency of the proposed solutions. So how can we know that security methods work in practice? In this paper we propose to conduct a series of empirical studies to build a basis that a) will provide security practitioners with guidelines for the selection of security requirements methods, and b) will help method designers understand how to improve their methods.
UR - https://www.scopus.com/pages/publications/84924365855
UR - https://www.scopus.com/inward/citedby.url?scp=84924365855&partnerID=8YFLogxK
M3 - Conference contribution
T3 - CEUR Workshop Proceedings
SP - 55
EP - 61
BT - Proceedings of the Doctoral Symposium at the International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
A2 - Heisel, M.
A2 - Marchetti, E.
PB - CEUR-WS
T2 - International Symposium on Engineering Secure Software and Systems, ESSoS-DS 2013
Y2 - 27 February 2013 through 1 March 2013
ER -