Description: |
As organizations move towards more fully embracing agile software development and DevOps for mission-critical systems, the need to continuously and rapidly assess cyber security requirements will become increasingly important. Current security assessment tools focus on performing Cyber Vulnerability Analysis (CVA) on designs and software artifacts rather than requirements, missing critical steps to vet requirements and support design decisions early in the development lifecycle or as requirements change. This paper outlines the main concepts underlying a toolchain that would enable software developers to analyze cyber security requirements based on existing natural language requirement descriptions, without burdening the developer with learning new languages, models, or ontologies. The main contribution of this paper is a discussion of the concept of operations for automated security requirement analysis together with a discussion of the main functional components required to implement an automated analysis toolchain. |