Computing Reviews
Reusable knowledge in security requirements engineering: a systematic mapping study
Souag A., Mazo R., Salinesi C., Comyn-Wattiau I. Requirements Engineering 21(2): 251-283, 2016. Type: Article
Date Reviewed: Jul 22 2016

Data breaches, zero-day vulnerabilities, and attacks exploiting components core to global information technology (IT) infrastructure have become a mainstay of technology news over the last couple of years. Researchers and practitioners alike are vigorously trying to build detection and prevention capabilities to arrest this growing trend of loss due to poor security engineering and implementation discipline. Against this backdrop of advancements in every aspect of the information security industry, one area that needs a deeper look is security requirements engineering (SRE), and more specifically the reusability of knowledge cultivated over time when designing and building various security controls and mechanisms.

This paper, although self-admittedly far from perfect, is a commendable effort in asking the right questions of researchers as well as security professionals around SRE knowledge reuse. This exercise in discovery, mapping, and comparing works in SRE methodologies over the last 13 years may be incomplete, biased, and limited in scope, but it clearly demonstrates a few key lessons on the subject and the steady rise in interest in it.

The paper describes “five main types of knowledge forms of representation ... (re)used by SRE approaches: (1) security patterns; (2) taxonomies and ontologies; (3) templates and profiles; (4) catalogs and generic models; and (5) mixed.” The authors note that “a framework to compare and analyze knowledge reuse in SRE was also defined.”

Those interested in the topic of SRE and trends contributing to the rise in software vulnerabilities may find this paper to be a good, though not exhaustive, reference on works between 2000 and 2013.

Reviewer: Phoram Mehta. Review #: CR144620 (1611-0811)
Categories:
Requirements/Specifications (D.2.1)
Reusable Software (D.2.13)
Security and Protection (D.4.6)