Related papers: STORE: Security Threat Oriented Requirements Engin…
Teaching industry staff on cybersecurity issues is a fundamental activity that must be undertaken in order to guarantee the delivery of successful and robust products to market. Much research attention has been devoted to this topic over…
Security holds an important role in a software. Most people are not aware of the significance of security in software system and tend to assume that they will be fine without security in their software systems. However, the lack of security…
Requirement engineering is a key ingredient for software development to be effective. Apart from the traditional software requirement which is not much appropriate for new emerging software such as smart handheld device based software. In…
Protecting data from malicious computer users continues to grow in importance. Whether preventing unauthorized access to personal photographs, ensuring compliance with federal regulations, or ensuring the integrity of corporate secrets, all…
The last years have seen an increase of Man-at-the-End (MATE) attacks against software applications, both in number and severity. However, MATE software protections are dominated by fuzzy concepts and techniques, with…
In recent years, the number of cyber attacks has grown rapidly. An effective way to reduce the attack surface and protect software is adoption of methodologies that apply security at each step of the software development lifecycle. While…
Context: Consistent requirements and system specifications are essential for the compliance of software systems towards the General Data Protection Regulation (GDPR). Both artefacts need to be grounded in the original text and conjointly…
Nowadays, most companies need to collect, store, and manage personal information in order to deliver their services. Accordingly, privacy has emerged as a key concern for these companies since they need to comply with privacy laws and…
Software ecosystems (SECOs) and open innovation processes have been claimed as a way forward for the software industry. A proper understanding of requirements is as important for these IT-systems as for more traditional ones. This paper…
This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at…
In industrial practice, requirements are an indispensable element of any serious software project. In the academic study of software engineering, requirements are one of the heavily researched subjects. And yet requirements engineering, as…
Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and…
The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically,…
Owing to resource constraints, the existing prioritization and selection techniques for software security requirements (countermeasures) find a subset of higher-priority security requirements ignoring lower-priority requirements or…
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to…
Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering (SE) research literature…
The escalating complexity of modern software development environments has heightened concerns around supply chain security. However, existing frameworks often fall short in translating abstract security principles into concrete, actionable…
To avoid software vulnerabilities, organizations are shifting security to earlier stages of the software development, such as at code review time. In this paper, we aim to understand the developers' perspective on assessing software…
Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming (OOP)…
Critical software systems face stringent requirements in safety, security, and reliability due to the circumstances surrounding their operation. Safety and security have progressively gained importance over the years due to the integration…