Special issue: The future of software engineering for security and privacy

Abstract

The scale of misuse of mission-critical assets manipulated by computer-based systems has increased, because of their worldwide accessibility through the Internet and the automation of systems. Security is concerned with the prevention of such misuse. The systematic development of software that considers security risks and threats explicitly is increasingly recognized as critical to improving overall systems security. This special issue provides a forum for discussing research directions in software engineering for developing secure systems more effectively. It comprises seven papers that underwent one or more cycles of anonymous peer review and revision. The first paper on “PORTAM: Policy, Requirements and Threats Analyzer for Mobile Code Application”, by Haruhiko Kaiya, Kouta Sasaki, and Kenji Kaijiri, presents an automated tool to support users and providers of information systems, to help them understand the threats and the requirements of these systems. The paper focuses on Java mobile code applications. The second paper on “Curriculum Design and Methodologies for Security Requirements Analysis”, by Kenji Taguchi and Yasuyuki Tahara, describes the authors’ Security Requirements Analysis educational course, part of the Top SE project, to teach the students how to find and fix security defects in software, as early as possible in the systems development life cycle. The third paper on “A Survey on Security Patterns”, by Nobukazu Yoshioka, Hironori Washizaki, and Katsuhisa Maruyama, surveys existing approaches to establishing security patterns, which are reusable solutions to security problems, and illustrates a direction for the integration of patterns into the development life cycle. The fourth paper on “Software Security Engineer-