Software Security Requirements Gathering Instrument
Authors
Abstract
Security breaches are largely caused by vulnerable software. Since individuals and organizations mostly depend on software, it is important to produce it in a secure manner. The first step towards producing secure software is gathering security requirements. This paper describes the Software Security Requirements Gathering Instrument (SSRGI), which helps gather security requirements from the various stakeholders. This will guide developers to gather security requirements along with the functional requirements and to further incorporate security during the other phases of software development. We subsequently present case studies that describe the integration of the SSRGI with the Software Requirements Specification (SRS) document as specified in the IEEE 830-1998 standard. The proposed SSRGI will support software developers in gathering security requirements in detail during the requirements gathering phase.
Similar resources
Software Security Checklist for the Software Life Cycle
A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Traditionally, software security has been treated as an afterthought leading to a cycle of ‘penetrate and patch.’ Due to its criticality, security should be integrated as a formal approach in the software life cycle...
SecSDM: A Model for Integrating Security into the Software Development Life Cycle
Most traditional software development methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. It is argued that security considerations should provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. Therefore, to build more sec...
A Parametric Approach for Security Testing of Internet Applications
Security is one of the prime concerns for all the Internet applications. Often it is noticed that during testing of the application, security doesn’t get due focus and whatever security testing is done, it is mainly limited to security functionality testing as captured in the requirements document. Any mistake at requirement gathering stage can leave the application vulnerable to potential atta...
Squeezing the Authorization Problem Through a Shrinking Window for Requirements
Information system deployment is squeezed by a shrinking commitment to requirements definition and an expanding need to determine the security requirements of such systems, due to the emphasis on internet access, online transactions, and workflow. This paper investigates the causes and effects of this squeeze. For the users of engineering information systems, the most important aspect of securi...
Promoting the use of Design Evaluation Techniques within Software Development
The importance of evaluating the design of software is essential to the success of the final software product. Design evaluation is widely used within the Human Computer Interaction (HCI) community. Note that the American Evaluation Association (AEA) defines design evaluation as the systematic approach to the gathering and analysis of data to define requirements, to assess the merit, worth and...