3rd Evolving Security & Privacy Requirements Engineering Workshop, Beijing, China

When specifying a system, security and privacy needs to be addressed as early as possible&#046; Unfortunately, many people find doing so difficult in the face of conflicting priorities&#046; When these concerns are addressed, we discover how intrinsically difficult specifying security and privacy can be, and the blurred distinction between requirements and security and privacy concepts&#046;<br>The Evolving Security and Privacy Requirements Engineering (ESPRE) Workshop will be a multi&#8211;disciplinary, one&#8211;day workshop that brings together practitioners and researchers interested in security and privacy requirements&#046; ESPRE will probe the interfaces between Requirements Engineering and Security &amp; Privacy, and take the first step in evolving security and privacy requirements engineering to meet a range of needs of stakeholders ranging from business analysts and security engineers, to technology entrepreneurs and privacy advocates&#046;<br>* TOPICS<br>Topics addressed by ESPRE are those which will promote discussion about advancing Security &amp; Privacy Requirements Engineering&#046; These include, but are not excluded to:<br>&#8211; Adaptation of security and privacy requirements<br>&#8211; Consideration of legal compliance during security &amp; privacy requirements engineering<br>&#8211; Evolution of security and privacy requirements<br>&#8211; Identification and management of all stakeholders (including attackers)<br>&#8211; Modelling multilateral stakeholder perspectives on security and privacy<br>&#8211; Modelling of domain knowledge for security and privacy requirements<br>&#8211; Modelling of trust and risk<br>&#8211; Ontologies for security and privacy requirements engineering<br>&#8211; Positive (and especially negative) lessons learned applying security and requirements engineering in practice<br>&#8211; Scalability of security requirements engineering approaches<br>&#8211; Security and privacy requirements engineering processes<br>&#8211; Security and privacy requirements elicitation and analysis<br>&#8211; Security requirements&#8211;based testing<br>&#8211; Teaching and training in security and privacy requirements engineering<br>&#8211; The role of security and privacy requirements engineering to support design innovation<br>&#8211; Use of requirements engineering to create security and privacy standard&#8211;compliant software<br>&#8211; Validation and verification of security and privacy requirements<br>