Conference papers

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain

Abstract : For the last 20 years, the number of vulnerabilities has increased nearly 20 times, according to NIST statistics. Vulnerabilities expose companies to risks that may seriously threaten their operations. Therefore, for a long time, it has been suggested to apply security engineering - the process of accumulating multiple techniques and practices to ensure a sufficient level of security and to prevent vulnerabilities in the early stages of software development, including establishing security requirements and proper security testing. The informal nature of security requirements makes it difficult to maintain system security, eliminate redundancy and trace requirements down to verification artifacts such as test cases. To deal with this problem, Seamless Object-Oriented Requirements (SOORs) promote incorporating formal requirements representations and verification means together into requirements classes. This article is a position paper that discusses opportunities to implement the Requirements as Code (RQCODE) concepts, SOORs in Java, applied to the Software Security domain. We argue that this concept has an elegance and the potential to raise the attention of developers since it combines a lightweight formalization of requirements through security tests with seamless integration with off-the-shelf development environments, including modern Continuous Integration/Delivery platforms. The benefits of this approach are yet to be demonstrated in further studies in the VeriDevOps project.
Document type :
Conference papers
https://hal.archives-ouvertes.fr/hal-03781938
Contributor : Sophie Ebersold
Submitted on : Tuesday, September 20, 2022 - 6:36:33 PM
Last modification on : Thursday, September 22, 2022 - 5:13:50 AM

File

ITEQS2022-RQCODE.pdf
Files produced by the author(s)

Citation

Ildar Nigmatullin, Andrey Sadovykh, Nan Messe, Sophie Ebersold, Jean-Michel Bruel. RQCODE – Towards Object-Oriented Requirements in the Software Security Domain. IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW 2022), Apr 2022, Valencia, Spain. pp.2-6, ⟨10.1109/ICSTW55395.2022.00015⟩. ⟨hal-03781938⟩
