A Regression Model Based Approach for Identifying Security Requirements in Open Source Software Development
Title | A Regression Model Based Approach for Identifying Security Requirements in Open Source Software Development |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Wang, W., Hussein, N., Gupta, A., Wang, Y. |
Conference Name | 2017 IEEE 25th International Requirements Engineering Conference Workshops (REW) |
ISBN Number | 978-1-5386-3488-2 |
Keywords | coding theory, comment security aspect, comment writing, Complexity theory, compositionality, cryptography, formal specification, information retrieval, just-in-time requirements engineering, lightweight representation, logistic regression, Logistics, Measurement, Metrics, Open Source Software, open source software development, OSS projects, pubcrawl, regression analysis, regression model based approach, requirements engineering, resilience, Resiliency, security, security of data, security requirements identification, security requirements identification methods, software engineering, Testing, textual information retrieval techniques, up-front RE |
Abstract | There are several security requirements identification methods proposed by researchers in up-front requirements engineering (RE). However, in open source software (OSS) projects, developers use lightweight representation and refine requirements frequently by writing comments. They also tend to discuss security aspects in comments by providing code snippets, attachments, and external resource links. Since most security requirements identification methods in up-front RE are based on textual information retrieval techniques, these methods are not suitable for OSS projects or just-in-time RE. In our study, we propose a new model based on logistic regression to identify security requirements in OSS projects. We used five metrics to build security requirements identification models and tested the performance of these metrics by applying those models to three OSS projects. Our results show that four out of five metrics achieved high performance in intra-project testing. |
URL | http://ieeexplore.ieee.org/document/8054894/ |
DOI | 10.1109/REW.2017.56 |
Citation Key | wang_regression_2017 |