Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security
Security risk analysis should be conducted regularly to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be implemented. This paper presents an
Security metrics and vulnerability prediction for software have gained a lot of interest from the community. Many software security metrics have been proposed, e.g., complexity metrics, cohesion and coupling metrics. In this paper, we propose a novel code metric based on dependency graphs to predict vulnerable components. To validate the efficiency
A significant number of methods have been proposed to identify and analyze threats and security requirements, but there are few empirical evaluations that show these methods work in practice. This paper reports a controlled experiment conducted with 28 master students to compare two classes of risk-based methods, visual methods (CORAS) and textual methods
Requirement evolution has drawn a lot of attention from the community with a major focus on management and consistency of requirements. Here, we tackle the fundamental, albeit less explored, alternative of modeling the future evolution of requirements. Our approach is based on the explicit representation of controllable evolutions vs observable evolutions,
Risk is unavoidable in business and risk management is needed amongst others to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its
Requirements evolution is still a challenging problem in engineering practices. This paper presents a family of empirical studies about the applicability and usefulness of an approach for modeling evolving requirements. The empirical studies involved different categories of users (researchers, master students and domain experts) who have applied the
Long-living software systems keep evolving to satisfy changes in their working environment. New requirements may arise, while current requirements may become obsolete. Such requirements evolution fortunately could be foreseen at some level of (un)certainty. The paper presents UNICORN, a CASE tool for modeling and reasoning on the uncertainty of
Existing risk assessment methods often rely on a context of a target software system at a particular point in time. Such contexts of long-living software systems tend to evolve over time. Consequently, risks might also evolve. Therefore, in order to deal with evolving risks, decision makers need to select an appropriate risk countermeasure alternative that