Supplementary Material for "Invisible Threads: An Exploratory Study on Properties and Relations of (Security-) Assumptions"

Supplementary material for "Invisible Threads: An Exploartory Study on Properties and Relations of (Security-) Assumptions" AbstractAssumptions play a significant role in software engineering.<br>Implicit, inconsistent, or invalid assumptions about the system can have a high impact, especially on security.<br>Even though there are several approaches for managing assumptions in security engineering, most of them are highly specific to their domain and phase in software development.<br>For holistic assumption management, a general understanding of security-related assumptions and their relation to other artifacts is required.<br>Founded on a Grounded Theory-based approach, including nine interviews with security researchers and a literature review of 53 scientific publications on assumptions, we observe common properties of security-related assumptions.<br>Based on that, we propose a definition and several properties of security-related assumptions.<br>With two surveys and 148 participants from software engineering, we validate the definition of security-related assumptions and general assumptions in software development.<br>We also confirm the close relationship between assumptions and requirements.<br>Lastly, our study underlines the importance of documenting assumptions and their features.ContentThis supplementary material belongs to **Invisible Threads: An Exploartory Study on Properties and Relations of (Security-) Assumptions**<br><br>The supplementary material allows to:<br><br>* replicate the theory-building on the same data as the authors<br>* reproduce the complete validation, generate overviews, and bar charts for every evaluated feature<br>* get insights via additional content, such as the application to a case study or a usability study of a theoretical scenario<br><br>Find more information in the ReadMe.