An Analysis for Understanding Software Security Requirement Methodologies

Abstract

Over the past two decades, large amount of work has been done to improve and assure software quality. However, as software development becomes more complex, distributed, and concurrent, security issues have great influence on software quality. Among those issues, the ones related to development of security requirement are especially critical to the development of software or software-intensive systems. In this paper, we will report our work on reviewing and analyzing different studies on software security requirement development to provide a common understanding for further research and study. Our major analysis findings include: Definition of security requirements in Common Criteria is a widely accepted one among various understandings; Elicitation and analysis are the mainstream activities during security requirement development; and process-oriented and reuse-based methods are gaining their popularities.