{"id":"https://openalex.org/W4415029311","doi":"https://doi.org/10.3390/computers14100429","title":"Security Requirements Engineering: A Review and Analysis","display_name":"Security Requirements Engineering: A Review and Analysis","publication_year":2025,"publication_date":"2025-10-09","ids":{"openalex":"https://openalex.org/W4415029311","doi":"https://doi.org/10.3390/computers14100429"},"language":"en","primary_location":{"id":"doi:10.3390/computers14100429","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14100429","pdf_url":null,"source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.3390/computers14100429","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051943616","display_name":"Aftab Alam Janisar","orcid":"https://orcid.org/0000-0002-9710-4345"},"institutions":[{"id":"https://openalex.org/I203899302","display_name":"Universiti Teknologi Petronas","ror":"https://ror.org/048g2sh07","country_code":"MY","type":"education","lineage":["https://openalex.org/I203899302"]}],"countries":["MY"],"is_corresponding":true,"raw_author_name":"Aftab Alam Janisar","raw_affiliation_strings":["Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia"],"affiliations":[{"raw_affiliation_string":"Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia","institution_ids":["https://openalex.org/I203899302"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118994305","display_name":"Ayman Meidan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210139873","display_name":"Arab Open University","ror":"https://ror.org/03vfnky71","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210093932","https://openalex.org/I4210139873"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Ayman Meidan","raw_affiliation_strings":["Faculty of Computer Studies, Arab Open University, P.O. Box 800, Riyadh 11421, Saudi Arabia"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Studies, Arab Open University, P.O. Box 800, Riyadh 11421, Saudi Arabia","institution_ids":["https://openalex.org/I4210139873"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058766838","display_name":"Khairul Shafee Kalid","orcid":"https://orcid.org/0000-0001-8383-2395"},"institutions":[{"id":"https://openalex.org/I203899302","display_name":"Universiti Teknologi Petronas","ror":"https://ror.org/048g2sh07","country_code":"MY","type":"education","lineage":["https://openalex.org/I203899302"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Khairul Shafee bin Kalid","raw_affiliation_strings":["Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia"],"affiliations":[{"raw_affiliation_string":"Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia","institution_ids":["https://openalex.org/I203899302"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056101465","display_name":"Abdul Rehman Gilal","orcid":"https://orcid.org/0000-0002-1904-1588"},"institutions":[{"id":"https://openalex.org/I19700959","display_name":"Florida International University","ror":"https://ror.org/02gz6gg07","country_code":"US","type":"education","lineage":["https://openalex.org/I19700959"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abdul Rehman Gilal","raw_affiliation_strings":["Knight Foundation School of Computing and Information Sciences, Florida International University, Miami, FL 33199, USA"],"affiliations":[{"raw_affiliation_string":"Knight Foundation School of Computing and Information Sciences, Florida International University, Miami, FL 33199, USA","institution_ids":["https://openalex.org/I19700959"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019616714","display_name":"Aliza Sarlan","orcid":"https://orcid.org/0000-0002-6342-9993"},"institutions":[{"id":"https://openalex.org/I203899302","display_name":"Universiti Teknologi Petronas","ror":"https://ror.org/048g2sh07","country_code":"MY","type":"education","lineage":["https://openalex.org/I203899302"]}],"countries":["MY"],"is_corresponding":false,"raw_author_name":"Aliza Bt Sarlan","raw_affiliation_strings":["Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia"],"affiliations":[{"raw_affiliation_string":"Department of Computing Universiti Teknologi PETRONAS, 32610 Seri Iskandar, Perak, Malaysia","institution_ids":["https://openalex.org/I203899302"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5051943616"],"corresponding_institution_ids":["https://openalex.org/I203899302"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":3.2836,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94061237,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"14","issue":"10","first_page":"429","last_page":"429"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10430","display_name":"Software Engineering Techniques and Practices","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-engineering","display_name":"Security engineering","score":0.6674000024795532},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6640999913215637},{"id":"https://openalex.org/keywords/requirements-analysis","display_name":"Requirements analysis","score":0.4860000014305115},{"id":"https://openalex.org/keywords/requirements-elicitation","display_name":"Requirements elicitation","score":0.483599990606308},{"id":"https://openalex.org/keywords/requirements-engineering","display_name":"Requirements engineering","score":0.4602000117301941},{"id":"https://openalex.org/keywords/requirement","display_name":"Requirement","score":0.43059998750686646},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.41600000858306885},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.3977000117301941},{"id":"https://openalex.org/keywords/grasp","display_name":"GRASP","score":0.39750000834465027}],"concepts":[{"id":"https://openalex.org/C13159133","wikidata":"https://www.wikidata.org/wiki/Q365674","display_name":"Security engineering","level":5,"score":0.6674000024795532},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6640999913215637},{"id":"https://openalex.org/C59488412","wikidata":"https://www.wikidata.org/wiki/Q187147","display_name":"Requirements analysis","level":3,"score":0.4860000014305115},{"id":"https://openalex.org/C45384764","wikidata":"https://www.wikidata.org/wiki/Q838667","display_name":"Requirements elicitation","level":4,"score":0.483599990606308},{"id":"https://openalex.org/C6604083","wikidata":"https://www.wikidata.org/wiki/Q376937","display_name":"Requirements engineering","level":3,"score":0.4602000117301941},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4440999925136566},{"id":"https://openalex.org/C135475081","wikidata":"https://www.wikidata.org/wiki/Q774228","display_name":"Requirement","level":4,"score":0.43059998750686646},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.42570000886917114},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.41600000858306885},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.3977000117301941},{"id":"https://openalex.org/C171268870","wikidata":"https://www.wikidata.org/wiki/Q1486676","display_name":"GRASP","level":2,"score":0.39750000834465027},{"id":"https://openalex.org/C47309137","wikidata":"https://www.wikidata.org/wiki/Q7598357","display_name":"Standard of Good Practice","level":5,"score":0.3962000012397766},{"id":"https://openalex.org/C173577280","wikidata":"https://www.wikidata.org/wiki/Q530038","display_name":"Requirements management","level":4,"score":0.39500001072883606},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36039999127388},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.36039999127388},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.3425999879837036},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3409999907016754},{"id":"https://openalex.org/C110354214","wikidata":"https://www.wikidata.org/wiki/Q6314146","display_name":"Engineering management","level":1,"score":0.3089999854564667},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2989000082015991},{"id":"https://openalex.org/C199747065","wikidata":"https://www.wikidata.org/wiki/Q3254666","display_name":"Non-functional requirement","level":5,"score":0.29820001125335693},{"id":"https://openalex.org/C54534927","wikidata":"https://www.wikidata.org/wiki/Q4462275","display_name":"Software requirements","level":5,"score":0.2874999940395355},{"id":"https://openalex.org/C106436119","wikidata":"https://www.wikidata.org/wiki/Q836575","display_name":"Quality assurance","level":3,"score":0.27889999747276306},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.2754000127315521},{"id":"https://openalex.org/C123247970","wikidata":"https://www.wikidata.org/wiki/Q5001932","display_name":"Business requirements","level":4,"score":0.275299996137619},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.2720000147819519},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.26600000262260437},{"id":"https://openalex.org/C111153917","wikidata":"https://www.wikidata.org/wiki/Q1662500","display_name":"Information security management system","level":5,"score":0.26330000162124634},{"id":"https://openalex.org/C17520342","wikidata":"https://www.wikidata.org/wiki/Q7797190","display_name":"Threat","level":5,"score":0.2578999996185303},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.25369998812675476}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/computers14100429","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14100429","pdf_url":null,"source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:39f740310308478180d6fcb736d87d18","is_oa":true,"landing_page_url":"https://doaj.org/article/39f740310308478180d6fcb736d87d18","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computers, Vol 14, Iss 10, p 429 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/computers14100429","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers14100429","pdf_url":null,"source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":35,"referenced_works":["https://openalex.org/W2884218922","https://openalex.org/W2891164157","https://openalex.org/W2904558120","https://openalex.org/W2921968294","https://openalex.org/W2965480889","https://openalex.org/W3011547193","https://openalex.org/W3023452601","https://openalex.org/W3170375891","https://openalex.org/W3203841480","https://openalex.org/W4200131578","https://openalex.org/W4210272087","https://openalex.org/W4210702423","https://openalex.org/W4220676955","https://openalex.org/W4224303169","https://openalex.org/W4309915647","https://openalex.org/W4313209655","https://openalex.org/W4318485168","https://openalex.org/W4367394488","https://openalex.org/W4381664032","https://openalex.org/W4382461663","https://openalex.org/W4390960169","https://openalex.org/W4391512406","https://openalex.org/W4393106164","https://openalex.org/W4393142189","https://openalex.org/W4393396278","https://openalex.org/W4395690127","https://openalex.org/W4396233454","https://openalex.org/W4397038114","https://openalex.org/W4401721252","https://openalex.org/W4404101985","https://openalex.org/W4405909192","https://openalex.org/W4406076687","https://openalex.org/W4408281967","https://openalex.org/W4408432806","https://openalex.org/W4410887368"],"related_works":[],"abstract_inverted_index":{"Security":[0,71,76,122,130],"is":[1,39],"crucial,":[2],"especially":[3],"as":[4],"software":[5],"systems":[6],"become":[7],"increasingly":[8],"complex.":[9],"Both":[10],"practitioners":[11],"and":[12,34,75,96,126,152],"researchers":[13],"advocate":[14],"for":[15,183,195],"the":[16,24,32,97,119,127,170,181],"early":[17,188],"integration":[18,98],"of":[19,36,99,110,121,129,145,173],"security":[20,37,185],"requirements":[21,38,91],"(SR)":[22],"into":[23],"Software":[25],"Development":[26],"Life":[27],"Cycle":[28],"(SDLC).":[29],"However,":[30],"ensuring":[31],"validation":[33],"assurance":[35,186],"still":[40],"a":[41,52,60,115,142],"major":[42,89],"challenge":[43],"in":[44,175,187],"developing":[45],"secure":[46],"systems.":[47],"To":[48],"investigate":[49],"this":[50,161,197],"issue,":[51],"two-phase":[53],"study":[54],"was":[55,63],"carried":[56],"out.":[57],"First":[58],"phase:":[59,106],"literature":[61],"review":[62],"conducted":[64],"on":[65,158],"45":[66],"relevant":[67],"studies":[68,156],"related":[69],"to":[70],"Requirements":[72,77,123,131],"Engineering":[73,124],"(SRE)":[74,125],"Assurance":[78,132],"(SRA).":[79,133],"Nine":[80],"SRE":[81,146],"techniques":[82],"were":[83],"examined":[84],"across":[85],"multiple":[86],"parameters,":[87],"including":[88],"categories,":[90],"engineering":[92],"stages,":[93],"project":[94],"scale,":[95],"standards":[100],"involving":[101],"17":[102],"distinct":[103],"activities.":[104],"Second":[105],"An":[107],"empirical":[108],"survey":[109],"58":[111],"industry":[112],"professionals":[113],"revealed":[114],"clear":[116],"disparity":[117],"between":[118],"understanding":[120],"implementation":[128],"While":[134],"statistical":[135],"analyses":[136],"(ANOVA,":[137],"regression,":[138],"correlation,":[139],"Kruskal\u2013Wallis)":[140],"confirmed":[141],"moderate":[143],"grasp":[144],"practices,":[147],"SRA":[148,174],"remains":[149],"poorly":[150],"understood":[151],"underapplied.":[153],"Unlike":[154],"prior":[155],"focused":[157],"isolated":[159],"models,":[160],"research":[162],"combines":[163],"practical":[164],"insights":[165],"with":[166],"comparative":[167],"analysis,":[168],"highlighting":[169],"systemic":[171],"neglect":[172],"current":[176],"practices.":[177],"The":[178],"findings":[179],"indicate":[180],"need":[182],"stronger":[184],"development":[189],"phases,":[190],"offering":[191],"targeted,":[192],"data-driven":[193],"recommendations":[194],"bridging":[196],"gap.":[198]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}