Existing Vulnerability Information in Security Requirements Elicitation

Title: Existing Vulnerability Information in Security Requirements Elicitation
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Amin, Md Rayhan; Bhowmik, Tanmay
Conference Name: 2022 IEEE 30th International Requirements Engineering Conference Workshops (REW)
Date Published: August
Keywords: composability, compositionality, Conferences, Information Reuse, pubcrawl, requirements engineering, resilience, Resiliency, security, security requirements elicitation, software engineering, Software systems, Software Vulnerability
Abstract: In software engineering, the aspect of addressing security requirements is considered to be of paramount importance. In most cases, however, security requirements for a system are considered as non-functional requirements (NFRs) and are addressed at the very end of the software development life cycle. The increasing number of security incidents in software systems around the world has made researchers and developers rethink and consider this issue at an earlier stage. An important and essential step towards this process is the elicitation of relevant security requirements. In a recent work, Imtiaz et al. proposed a framework for creating a mapping between existing requirements and the vulnerabilities associated with them. The idea is that this mapping can be used by developers to predict potential vulnerabilities associated with new functional requirements and capture security requirements to avoid these vulnerabilities. However, to what extent such existing vulnerability information can be useful in security requirements elicitation is still an open question. In this paper, we design a human subject study to answer this question. We also present the results of a pilot study and discuss their implications. Preliminary results show that existing vulnerability information can be a useful resource in eliciting security requirements and lay the groundwork for a full-scale study.
DOI: 10.1109/REW56159.2022.00049
Citation Key: amin_existing_2022