Web-based Collaborative Security Requirements Elicitation

This empirical study aims at evaluating a structured but informal security requirements engineering method supported by a collaborative Web-based tool. The method allows stakeholders to contribute to the risk analysis and security requirements of elicitation of a software or system in a structured manner that allows traceability between vulnerabilities and mitigations. The tool’s collaborative and distributed workflow promotes higher levels of participation for busy practitioners with a minimum investment of time. REFSQ participants will have the opportunity to test our new platform, and to provide feedback. The experiment revolves around a fictitious scenario. Interested individuals can connect to our server at any time and all results will be publicly available. The tool is available as Open Source software and will later be made available as virtual machine too.