SecReq: Security Requirements Elicitation

When I started my PhD, my goal was to help people write better requirements documents. SecReq [1-3] is one of the projects that allowed me to apply my expertise and the concepts I developed during my research. Results from SecReq did not make it into my PhD (except for the outlook), but nevertheless, this is one of the most exciting projects I did during my time in Hannover and I am proud to continue the work in this group of researchers.

My goal in SecReq is to constructively support people in writing better security requirements.

In practice, security requirements elicitation is often a big problem. Two of the main reasons are lack of requirements engineering expertise and lack of security engineering expertise in many organizations. In SecReq, my goal is to constructively support people in writing better security requirements. This support should cover raw candidate requirements in elicitation sessions, their refinement into accurate requirements documentation, and their tracing to design decisions. Continue reading