The project will develop and evaluate methodology and tool support for security requirements engineering, integrated with mainstream software development methods. The main features of the contribution will be as follows:
- The methodology shall be lightweight, meant to be used primarily by mainstream software developers rather than by security experts
- The methodology shall be integrated with popular methodologies for software development in general, so that security requirements can be considered in the normal run of development activities rather than as a separate activity on the side
- Tools delivered in the project will not be developed from scratch but rather as add-ons to existing modeling and requirements management tools. This makes it more realistic to achieve industry-strength functionality and usability within a limited budget, and also ensures that tools will be applicable in a larger development context
- Thorough evaluations (e.g., experiments, case studies) shall ensure that the methodology provides empirically founded advice on when and how to apply various techniques and tools.
The project is planned for 3 years from August 2008 and includes one PhD position and one post-doc position for the entire duration of the project. If the PhD student gets a fourth-year extension for teaching work at the university, the project will run for 4 years. The project leader is Professor Guttorm Sindre at the Norwegian University of Science and Technology (NTNU), and the other senior participant is Professor Andreas L. Opdahl at the University of Bergen (UiB); they are co-authors of some much-cited publications on techniques for eliciting security requirements.