Quality security requirements help secure software development to succeed. While considerable research can be discovered in the field of demands elicitation, less attention has been paid to the writing of full security specifications. The demands engineers (REs) are still challenged and tedious in implementing and reporting full safety needs derived from Natural language. This is due to their tendency to misunderstand the real needs and the security terms used by inexperienced REs leading to incomplete security requirements. Motivated from these problems, we have developed a prototype tool, called SecureMEReq to improve the writing of complete security requirements. This tool provides four important key-features, which are (1) extraction of template-based components from client-stakeholders; (2) analysis of template-based density from SRCLib; (3) analysis of requirements syntax density from SecLib; and (4) analysis of completeness prioritization. To do this, we used our pattern libraries: SecLib and SRCLib to support the automation process of elicitation, especially in writing the security requirements. Our evaluation results show that our prototype tool is capable to facilitate the writing of complete security requirements and useful in assisting the REs to elicit the security requirements.
Secure MEReq: A Tool Support to Check for Completeness of Security Requirements
