Engineering Security Requirements

By: Donald Firesmith


Most requirements engineers are poorly trained to elicit, analyze, and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill them. They thus end up specifying architecture and design constraints rather than true security requirements.

Cite as:

Donald Firesmith, “Engineering Security Requirements”, Journal of Object Technology, Volume 2, no. 1 (January 2003), pp. 53-68, doi:10.5381/jot.2003.2.1.c6.

PDF | HTML | DOI | BiBTeX | Tweet this | Post to CiteULike | Share on LinkedIn

The JOT Journal   |   ISSN 1660-1769   |   DOI 10.5381/jot   |   AITO   |   Open Access   |    Contact