Software security requirements engineering: State of the art
Software Engineering has established techniques, methods and technology over two decades. However, due to the lack of understanding of software security vulnerabilities, we have not been so successful in applying software engineering principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security can not be just added after a system has been built and delivered to customers as seen in today’s software applications. This keynote paper provides concise methods, techniques, and best practice requirements guidelines on software security and also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators.