Security Requirements Engineering: when anti-requirements hit the fan

Crook, Robert; Ince, Darrel; Lin, Luncheng and Nuseibeh, Bashar (2002). Security Requirements Engineering: when anti-requirements hit the fan. In: Proc IEEE International Conference on Requirements Engineering, 8-13 Sep 2002, Germany.

URL: http://ieeexplore.ieee.org/iel5/8115/22462/0104852...

Abstract

Everyone agrees that security is a problem, ranging from
Microsoft to the banks that have been recent victims of
rogue traders. What is paradoxical is that there does not
seem to be a wholehearted commitment by both academics
and industry to treat this topic systematically at the top
level of requirements engineering. Our vision is of a future in which we inform the security requirements engineering process by organisational theory. This would act as the bridge between the well-ordered world of the software project informed by conventional requirements and the unexpected world of anti-requirements associated with the malicious user. We frame a vision for the requirements
engineering community that would involve the community
solving six difficult problems.

Viewing alternatives

Item Actions

Export

About

Recommendations