How Security Requirements are Tested in Industry? -- A Survey Study
[Context and motivation] Among all categories of non-functional requirements, security requirements are those that are specified and tackled with care. [Question/problem] However, constant changes in the technologies used to develop software products mean that the approaches used to investigate whether security requirements are satisfied are also changing very quickly. These changes are introduced to address the problems the industry struggles with. [Principal ideas/results] We conducted an online survey among software development practitioners. 190 respondents from a wide variety of countries shared with us their experience of testing security requirements. [Contribution] We learned that security requirements are tested in the majority of projects. Different techniques are used, from automated ones such as static code analysis to manual ones such as code reviews and manual testing. Security is mostly tested by developers, QA/internal testing teams and DevOps. The greatest challenges concern effort, cost, knowledge and establishing a testing culture.
Thu 24 Mar (displayed time zone: London)
14:00 - 15:30
|RE in the Market Dialogue of Public Procurement: A Case Study of an Innovation Partnership for Medical Technology (Scientific Evaluation) |
Gunnar Brataas (SINTEF Digital), Geir Kjetil Hanssen (SINTEF, Norway), Xinlu Qiu (NTNU), Lisa Græslie (SINTEF Digital)
|How Security Requirements are Tested in Industry? -- A Survey Study (Scientific Evaluation) |