Requirements for Secure Information Systems, 2014

The project will develop and evaluate methodology and tool support for security requirements engineering, integrated with mainstream software development methods. The main features of the contribution will be as follows: The methodology shall be lightweight, meant to be used primarily by mainstream software developers rather than by security experts - The methodology shall be integrated with popular methodologies for software development in general, so that security requirements can be considered in the normal run of development activities rather than as a separate activity on the side. Tools delivered in the project will not be developed from scratch but rather as add-ons to existing modeling and requirements management tools. This makes it more realistic to achieve industry-strength functionality and usability within a limited budget, and also ensures that tools will be applicable in a larger development context. Thorough evaluations (e.g., experiments, case studies) shall ensure that the methodology provides empirically founded advice on when and how to apply various techniques and tools.