Archive for the ‘Security Requirements’ Category

Tips on Software Security Requirements

Tuesday, December 13th, 2011

Security requirements are a difficult quality attribute to elicit and specify. (Quality attributes are one of the three types of nonfunctional requirements—along with interfaces, and design & implementation constraints*). Distinguishing can help. So too, it helps to

In her expert response, Sue Burk distinguishes between security requirements and security controls, shares four categories of security requirements, provides suggestions for eliciting security requirements, and explains why making them testable is important.