TraceSec

Led by:  Prof. Dr. Kurt Schneider
Team:  Alexander Specht, Maike Ahrens, Marc Herrmann
Year:  2023
Funding:  Deutsche Forschungsgemeinschaft (DFG)
Duration:  2023-2026
Further information:  https://gepris.dfg.de/gepris/projekt/500462081

Motivation

In today's world, software systems are becoming, and will continue to become, increasingly complex and extensive. In the process, problems can arise in the area of IT security (Security = Sec). Depending on the domain, some of these security problems are more critical than others. When software misbehaves, some software developers lack the ability or the experience to fix the errors. It is therefore worthwhile to document past security problems durably and to transfer (trace) their solutions to new projects (Tracing = Trace), so that developers can learn from them in the future. Various questions arise, such as: which artifacts should be investigated, and how can we learn from past safety-critical problems?

 

Research Goal

Quality models are used to organize security-related information at multiple levels. Tracking security-related activities using artifacts and a quality model addresses all three core challenges at once: development, problem analysis, and learning. Software organizations should leave security-relevant traces, compare them, and reuse them through soft matching and intelligent operations. Automated support and human judgment shall be combined, making TraceSEC a truly socio-technical approach.

 

Publications

Ahrens, M., Nagel, L. (2023). All Eyes on Traceability: An Interview Study on Industry Practices and Eye Tracking Potential. In IEEE 31st Requirements Engineering Conference (RE'23), Hannover, Germany [More information coming soon]