Security guidelines: Requirements engineering for verifying code quality

Zhioua, Zeineb; Roudier, Yves; Short, S; Boulifa Ameur, Rabea
ESPRE 2016, 3rd International Workshop on Evolving Security and Privacy Requirements Engineering, September 12th, 2016, Beijing, China, co-located with the 24th IEEE International Requirements Engineering Conference

The development and delivery of secure software is a challenging task that gets even harder when the developer tries to adhere to both application and organization-specific security requirements translated into security guidelines. These guidelines serve as best practices or recommendations that help reduce application exposure to vulnerabilities, and provide hints about the application's adherence to high-level and abstract security requirements. In this paper, we present guidelines we gathered from different sources, and we highlight the main issues related to the interpretation and application of those guidelines. We present a first attempt to classify the requirements with the objective of identifying the analysis that should be performed to verify the adherence of the developed software to each of the categories.

Type: Conference
City: Beijing
Date: 2016-09-12
Department: Digital Security
Eurecom Ref: 4974
Copyright: © 2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PERMALINK : https://www.eurecom.fr/publication/4974