View article

Agile software development (ASD) is becoming increasingly popular in the software industry. Several researchers point out that characterized with short iterations and the quick delivery of working software, ASD often does not give consideration to security requirements as well as other non-functional requirements. This means important security requirements might be neglected in ASD. However, implementing all necessary security requirements is determinant for the success of software projects. Many approaches are proposed to elicit security requirements, but most of them rely on analysts' knowledge and experience about security requirements management. In this paper, we propose a new approach in which security requirements are mined from the vulnerability repository of common vulnerabilities and exposures (CVE). We describe our approach with illustrative examples, discuss operational insights, and …