{"title":"Towards a Security Requirements Management Framework for Open-Source Software","authors":"Wentao Wang","doi":"10.1109/RE.2018.00065","DOIUrl":null,"url":null,"abstract":"Security refers to a class of non-functional requirements (NFRs) related to system confidentiality, integrity, and availability. It plays a critical role in many open source software (OSS) projects. Experience indicates that considering security early in the software life cycle can help address security problems, such as reducing information breach and unauthorized data access. However, unlike up-front requirements engineering (RE), requirements are fully discussed and become elaborated in OSS projects only after the implementation begins. Therefore, security management approaches which based on up-front RE shall be modified or improved while applied to OSS projects. To make OSS projects more secure, this research extends existing security requirements management approaches and proposes a new security management framework for OSS projects. I also describe obstacles for building our framework and formulate their conquering as research questions. Analysis and discussion of research questions will enable me to gain valuable insights, which I will use to improve the proposed framework.","PeriodicalId":445032,"journal":{"name":"2018 IEEE 26th International Requirements Engineering Conference (RE)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 26th International Requirements Engineering Conference (RE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RE.2018.00065","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
Security refers to a class of non-functional requirements (NFRs) related to system confidentiality, integrity, and availability. It plays a critical role in many open source software (OSS) projects. Experience indicates that considering security early in the software life cycle can help address security problems, such as reducing information breaches and unauthorized data access. However, unlike in up-front requirements engineering (RE), requirements in OSS projects are fully discussed and elaborated only after implementation begins. Therefore, security management approaches that are based on up-front RE must be modified or improved when applied to OSS projects. To make OSS projects more secure, this research extends existing security requirements management approaches and proposes a new security management framework for OSS projects. I also describe obstacles to building our framework and formulate overcoming them as research questions. Analysis and discussion of the research questions will enable me to gain valuable insights, which I will use to improve the proposed framework.