This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
erise [2013/04/08 11:34] federica.paci@unitn.it |
erise [2021/01/29 10:58] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== eRISE Challenge ==== | ===== eRISE Challenge ==== | ||
- | The eRISE (engineering RIsks and SEcurity Requirements) challenge is a series of empirical studies that aim to compare security engineering methods sponsored by [[http://www.nessos-project.eu|NESSoS]] European Project and [[http://www.eitictlabs.eu|EIT ICT Labs]]. Two editions of eRISE challenge has been held [[eRISE 2011]] and [[eRISE 2012]].The organization of the third edition [[eRISE 2013]] is currently ongoing. | + | The eRISE (engineering RIsks and SEcurity Requirements) challenge is a series of empirical studies that aim to compare security engineering methods sponsored by [[http://www.nessos-project.eu|NESSoS]] European Project and [[http://www.eitictlabs.eu|EIT ICT Labs]]. Three editions of eRISE challenge has been held [[eRISE 2011]], [[eRISE 2012]], and [[eRISE 2013]]. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments. |
The idea of eRISE challenge is to bring together researchers, young students and practitioners to understand if security methods are effective and what features determine their effectiveness. | The idea of eRISE challenge is to bring together researchers, young students and practitioners to understand if security methods are effective and what features determine their effectiveness. | ||
- | With eRISE we want to be able to tell whether //it is not a method to find security recommendations..it helps us to represent the model but does not help in finding solution// or //it helps to find out specific security requirement//. | + | With eRISE we want to be able to tell whether "//it is not a method to find security recommendations..//", or at least "//it helps us to represent the model but does not help in finding solution//", or hopefully "//it helps to find out specific security requirement//." (quoting some of the participants of our experiments). |
**eRISE provides method designer with**: | **eRISE provides method designer with**: | ||
Line 18: | Line 18: | ||
==== Research Questions ==== | ==== Research Questions ==== | ||
- | * **RQ1**//Are security requirements and risk methods effective when applied by someone different than their own inventor?// | + | * **RQ1** //Are security requirements and risk methods effective when applied by someone different than their own inventor?// |
* **RQ2** //Why are the methods effective? Why they are not?// | * **RQ2** //Why are the methods effective? Why they are not?// |