Date Added: Sep 2010
Security is an important and complex quality attribute in many software-intensive systems. Unfortunately security is often neglected in the requirements stage of the development life cycle. Security is introduced later, in design and implementation, which results in inadequate analysis, cost overruns, and vulnerabilities costing billions of dollars annually. Even when security requirements are specified, they are likely at an incorrect level of abstraction, either too general to be useful or too focused on design implications. To be most effective, security should be an integrated part of systems development from the beginning, addressed with the same discipline as other system requirements.