Tips on Software Security Requirements

Security requirements are a difficult quality attribute to elicit and specify. (Quality attributes are one the three types of nonfunctional requirements—along with interfaces, and design & implementation constraints*). Distinguishing can help. So too, it helps to

Sue Burk distinguishes between security requirements and security controls, shares four categories of security requirements, provides suggestions for eliciting security requirements, and explains why making them testable is important in her expert response.

References:

* The Software Requirements Memory Jogger

 

 

 

Agile analysis, Product Discovery

Leave a Reply

Your email address will not be published. Required fields are marked *