Engineering Security Requirements
By: Donald Firesmith
Abstract
Most requirements engineers are poorly trained to elicit, analyze, and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill them. They thus end up specifying architecture and design constraints rather than true security requirements.
Cite as:
Donald Firesmith, “Engineering Security Requirements”, Journal of Object Technology, Volume 2, no. 1 (January 2003), pp. 53-68, doi:10.5381/jot.2003.2.1.c6.
PDF | HTML | DOI | BiBTeX | Tweet this | Post to CiteULike | Share on LinkedIn