validation_of_risk_and_security_requirements_methodologies
Differences
This shows you the differences between two versions of the page.
validation_of_risk_and_security_requirements_methodologies [2017/02/28 13:41] – [Experiments] katsiaryna.labunets@unitn.it | validation_of_risk_and_security_requirements_methodologies [2021/01/29 10:58] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 45: | Line 45: | ||
Within the main stream project we covered a number of themes. | Within the main stream project we covered a number of themes. | ||
- | * **The e-RISE challenge**. eRISE is an annual challenge that aims to compare the effectiveness of academic methods for the elicitation and analysis of threats and security requirements and investigate why these methods are effective. | + | |
- | + | | |
- | **Empirical validation of Risk and Security Requirements Methodologies**. | + | * [[eRISE 2011]] |
- | | + | * [[eRISE 2012]] |
- | - An Experiment on Comparing Textual vs Visual Industrial Methods for Security Risk Assessment. | + | * [[eRISE 2013]] |
- | - Comparison | + | * eRISE 2014 (56 professionals). |
- | - Risk Models Comprehension: | + | |
+ | * Fall [[seceng-course-exp-2012|2012]] (28 participants), | ||
+ | * Fall [[seceng-course-exp-2013|2013]] (29 participants), | ||
+ | * Fall 2014 (35 participants), | ||
+ | * Fall 2015 (28 participants). | ||
+ | | ||
+ | * Jan 2014 with [[winter-schl-exp2014|novices]] | ||
+ | * May 2014 with [[catalogues-rome-2014|practitioners]] | ||
+ | * Nov 2016 we conducted an additional study with novices (40 participants). | ||
+ | | ||
+ | * [[unitn-comprehensibility-exp-2015|Oct 1st, 2014]] in University of Trento, Italy (35 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 14th, 2014]] in PUCRS University in Porto Alegre, Brazil (13 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Nov 18th, 2014]] in PUCRS University in Porto Alegre, Brazil (27 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 16th, 2015]] in Cosenza, Italy at Poste Italiane cyber-security lab (52 participants), | ||
+ | * [[unitn-comprehensibility-exp-2015|Sep 21st, 2015]] in University of Trento, Italy (51 participants), | ||
+ | * [[sid-2015-tutorial|Dec 2nd, 2015]] in Bologna, Italy with ATM professionals (15 participants), | ||
+ | * [[online-comprehensibility-exp-2016|Jan-Feb, | ||
+ | * Sep 21st, 2016 in University of Trento, Italy (35 participants). | ||
+ | - Empirical Evaluation of CVSS Environmental Metrics. | ||
+ | * [[unitn_cvss_env_exp_2016|Nov 2016]] in University of Trento, Italy (29 participants). | ||
Line 73: | Line 92: | ||
==== Publications ==== | ==== Publications ==== | ||
- | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations** | + | === Working papers === |
+ | * M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. **On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment**. To be submitted to journal. | ||
+ | * K. Labunets, F. Massacci, F. Paci. **An Empirical Comparison of Security Risk Assessment Methods**. To be submitted to journal. | ||
+ | |||
+ | === Published papers === | ||
+ | * K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. **Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations**. //Empirical Software Engineering// | ||
* K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | * K. Labunets, F. Massacci, F. Paci. **On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment**. In // | ||
* K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' | * K. Labunets, F. Paci, F. Massacci. **Which Security Catalogue Is Better for Novices?** In //Proc. of EmpiRE Workshop at IEEE RE' |
validation_of_risk_and_security_requirements_methodologies.1488285705.txt.gz · Last modified: 2021/01/29 10:58 (external edit)