SECRS TEMPLATE TO AID NOVICE DEVELOPERS IN SECURITY REQUIREMENTS IDENTIFICATION AND DOCUMENTATION

Nuzhat Qadir, R. Ahmad
International Journal of Software Engineering and Computer Systems. Journal Article. Published 2022-01-24.
DOI: 10.15282/ijsecs.8.1.2022.5.0095 (https://doi.org/10.15282/ijsecs.8.1.2022.5.0095)
Citations: 2

Abstract

Security requirements are non-functional requirements (NFRs) that act as constraints on the functions of the system to be built. Security requirements are important and may affect the overall quality of the system. Unfortunately, many organizations do not pay much attention to them. Security problems should be addressed in the early phases of the development process, i.e. in the requirements phase, to stop them from spreading into the later phases and, in turn, to avoid rework. Subsequently, when security requirements are to be addressed, proper guidance should be provided to assist requirements engineers. Many security requirements engineering methods have been developed in the past, and they require different levels of expertise; the SQUARE process, for example, requires the requirements engineer to have a certain level of security expertise. Moreover, proper guidance is lacking, especially for novice developers, in applying the existing security requirements engineering (SecRE) methods to identify security requirements. Hence, this study intends to address the gap by developing a guided template to assist novice developers in security requirements identification and documentation. The main objectives of the research are: 1) to study and investigate the existing security requirements engineering (SecRE) methods; 2) to develop a template to aid novice developers in identifying and documenting security requirements. The developed template is applied to two case studies of software projects to determine its usability and applicability. The results of the case study evaluation show that both the usability and applicability of the template are good. The template is also evaluated by several experts and software practitioners. The evaluation results show that the SecRS template satisfies the usability and applicability factors, thereby confirming that the proposed template achieves its desired objective of aiding novice developers to identify and document security requirements correctly.