Learn More
Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such(More)
[Context and motivation] The increasing demand of software systems to process and manage sensitive information has led to the need that software systems should comply with relevant laws and regulations, which enforce the privacy and other aspects of the stored information. [Question/problem] However, the task is challenging because concepts and terminology(More)
More and more software projects today are security-related in one way or the other. Requirements engineers without expertise in security are at risk of overlooking security requirements, which often leads to security vulnerabilities that can later be exploited in practice. Identifying security-relevant requirements is labor-intensive and error-prone. In(More)
Software development project is often faced with unanticipated problems which pose any potential risks within the development environment. Controlling these risks arises from both the technical and non-technical development components already from the early stages of the development is crucial to arrive at a successful project. Therefore, software(More)
— Software projects are often faced with unanticipated problems caused by e.g. changes in the development environment resulting in delays or threatening the ability of the project to succeed. Managing these uncertainties is a challenging task at all phases of the development, but nevertheless crucial in controlling schedule and costs. Therefore software(More)
This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may(More)