Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Requirements Engineering

Presents best practices for security requirements engineering, including processes that are specific to eliciting, specifying, analyzing, and validating security requirements. Example processes include CLASP, SQUARE, and recent work by Nuseibeh et al. Specific techniques that are relevant to security requirements, such as development of misuse/abuse cases and attack trees and specification techniques such as SCR, are also discussed or referenced.

See also "Threat Modeling: Diving into the Deep End."