{"title":"面向开源软件的安全需求管理框架","authors":"Wentao Wang","doi":"10.1109/RE.2018.00065","DOIUrl":null,"url":null,"abstract":"Security refers to a class of non-functional requirements (NFRs) related to system confidentiality, integrity, and availability. It plays a critical role in many open source software (OSS) projects. Experience indicates that considering security early in the software life cycle can help address security problems, such as reducing information breach and unauthorized data access. However, unlike up-front requirements engineering (RE), requirements are fully discussed and become elaborated in OSS projects only after the implementation begins. Therefore, security management approaches which based on up-front RE shall be modified or improved while applied to OSS projects. To make OSS projects more secure, this research extends existing security requirements management approaches and proposes a new security management framework for OSS projects. I also describe obstacles for building our framework and formulate their conquering as research questions. Analysis and discussion of research questions will enable me to gain valuable insights, which I will use to improve the proposed framework.","PeriodicalId":445032,"journal":{"name":"2018 IEEE 26th International Requirements Engineering Conference (RE)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Towards a Security Requirements Management Framework for Open-Source Software\",\"authors\":\"Wentao Wang\",\"doi\":\"10.1109/RE.2018.00065\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security refers to a class of non-functional requirements (NFRs) related to system confidentiality, integrity, and availability. It plays a critical role in many open source software (OSS) projects. Experience indicates that considering security early in the software life cycle can help address security problems, such as reducing information breach and unauthorized data access. However, unlike up-front requirements engineering (RE), requirements are fully discussed and become elaborated in OSS projects only after the implementation begins. Therefore, security management approaches which based on up-front RE shall be modified or improved while applied to OSS projects. To make OSS projects more secure, this research extends existing security requirements management approaches and proposes a new security management framework for OSS projects. I also describe obstacles for building our framework and formulate their conquering as research questions. Analysis and discussion of research questions will enable me to gain valuable insights, which I will use to improve the proposed framework.\",\"PeriodicalId\":445032,\"journal\":{\"name\":\"2018 IEEE 26th International Requirements Engineering Conference (RE)\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 26th International Requirements Engineering Conference (RE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RE.2018.00065\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 26th International Requirements Engineering Conference (RE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RE.2018.00065","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards a Security Requirements Management Framework for Open-Source Software
Security refers to a class of non-functional requirements (NFRs) related to system confidentiality, integrity, and availability. It plays a critical role in many open source software (OSS) projects. Experience indicates that considering security early in the software life cycle can help address security problems, such as reducing information breach and unauthorized data access. However, unlike up-front requirements engineering (RE), requirements are fully discussed and become elaborated in OSS projects only after the implementation begins. Therefore, security management approaches which based on up-front RE shall be modified or improved while applied to OSS projects. To make OSS projects more secure, this research extends existing security requirements management approaches and proposes a new security management framework for OSS projects. I also describe obstacles for building our framework and formulate their conquering as research questions. Analysis and discussion of research questions will enable me to gain valuable insights, which I will use to improve the proposed framework.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
