International Journal of Advances in Computer Science and Its Applications
Author(s) : ABHIMANYU KUMAR , NEERAJ RAJ PAL , PRIYANKA DABRAL , RANA PRATAP , SARIKA GUPTA
The goal of the software security requirements is to build better, defect-free software. But most requirements engineers are poorly trained to elicit, analyze, and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill them. They thus end up specifying architecture and design constraints rather than true security requirements. This paper defines the basic of the security requirements and assets and threats in detail. And at last define the different types of security requirements as proposed by Firesmith  and provides associated examples and guildlines with the intent of enabling requirements engineers to adequately specify security requirements without unnecessarily constraining the security and architecture teams from using the most appropriate security mechanisms for the job.