RQCODE – Towards Object-Oriented Requirements in the Software Security Domain - Smart Modeling for software Research and Technology Access content directly
Conference Papers Year :

RQCODE – Towards Object-Oriented Requirements in the Software Security Domain


For the last 20 years, the number of vulnerabilities has increased near 20 times, according to NIST statistics. Vulnerabilities expose companies to risks that may seriously threaten their operations. Therefore, for a long time, it has been suggested to apply security engineering-the process of accumulating multiple techniques and practices to ensure a sufficient level of security and to prevent vulnerabilities in the early stages of software development, including establishing security requirements and proper security testing. The informal nature of security requirements makes it uneasy to maintain system security, eliminate redundancy and trace requirements down to verification artifacts such as test cases. To deal with this problem, Seamless Object-Oriented Requirements (SOORs) promote incorporating formal requirements representations and verification means together into requirements classes. This article is a position paper that discusses opportunities to implement the Requirements as Code (RQCODE) concepts, SOORs in Java, applied to the Software Security domain. We argue that this concept has an elegance and the potential to raise the attention of developers since it combines a lightweight formalization of requirements through security tests with seamless integration with off-the-shelf development environments, including modern Continuous Integration/Delivery platforms. The benefits of this approach are yet to be demonstrated in further studies in the VeriDevOps project.
Fichier principal
Vignette du fichier
ITEQS2022-RQCODE.pdf (105.3 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-03781938 , version 1 (20-09-2022)



Ildar Nigmatullin, Andrey Sadovykh, Nan Messe, Sophie Ebersold, Jean-Michel Bruel. RQCODE – Towards Object-Oriented Requirements in the Software Security Domain. IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW 2022), Apr 2022, Valencia, Spain. pp.2-6, ⟨10.1109/ICSTW55395.2022.00015⟩. ⟨hal-03781938⟩
62 View
72 Download



Gmail Facebook Twitter LinkedIn More