Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Corsaire White Paper: Secure Development Framework
From: "James Burnham" <james.burnham () neurealization com>
Date: Tue, 25 May 2004 19:52:14 -0700

A significant set of security concerns are more appropriately considered
functional requirements (as opposed to non-functional), in particular
Authentication/Authorization/Accounting. Including
Authentication/Authorization/Accounting in functional requirements (not
just a separate 'security' section) will help insure security concerns
are addressed in overall system design. Adding these areas as
non-functional requirements tends to lead to missing details in relation
to specific functions, data, rights, etc. 

- James


-----Original Message-----
From: Flanagan, Kevin [mailto:Kevin.Flanagan () bmwfs com] 
Sent: Tuesday, May 25, 2004 1:06 PM
To: 'Glyn Geoghegan'; webappsec () securityfocus com
Subject: RE: Corsaire White Paper: Secure Development Framework

...Even though security is predominantly a non-functional requirement...

With that said, does anyone have any good references for building good
non-functional security requirements for applications (both web and


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]