Differences

This shows you the differences between two versions of the page.

--- erise [2013/04/05 18:07] – [Engineering of Risk and Security Requirement Challenge] federica.paci@unitn.it
+++ erise [2021/01/29 10:58] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-===== Engineering of Risk and Security Requirement Challenge ====
+===== eRISE Challenge ====
-The eRISE challenge is a series of empirical studies that aim to compare security engineering methods sponsored by [[www.nessos-project.eu|NESSoS]] European Project and [[www.eitictlabs.eu|EIT ICT Labs]]. Two editions of eRISE challenge has been held [[eRISE 2011]] and [[eRISE 2012]].The organization of the third edition [[eRISE 2013]] is currently ongoing.
+The eRISE (engineering RIsks and SEcurity Requirements) challenge is a series of empirical studies that aim to compare security engineering methods sponsored by [[http://www.nessos-project.eu|NESSoS]] European Project and [[http://www.eitictlabs.eu|EIT ICT Labs]]. Three editions of eRISE challenge has been held [[eRISE 2011]], [[eRISE 2012]], and [[eRISE 2013]]. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments.
 The idea of eRISE challenge is to bring together researchers, young students and practitioners to understand if security methods are effective and what features determine their effectiveness.
-With eRISE we want to be able to tell whether //it is not a method to find security recommendations..it helps us to represent the model but does not help in finding solution// or //it helps to find out specific security requirement//.
+With eRISE we want to be able to tell whether "//it is not a method to find security recommendations..//", or at least "//it helps us to represent the model but does not help in finding solution//", or hopefully "//it helps to find out specific security requirement//." (quoting some of the participants of our experiments).
 **eRISE provides  method designer with**:
-  * Empirical evaluation and Benchmarking of security engineering methods;
+  * Empirical evaluation and benchmarking of security engineering methods;
-  * Knowledge of how and why participants intend to adopt a method;
+  * Understand if the proposed method works in practice
-  * Feedback to improve a security method by investigating strengths, weakness and   limitations of the   method.
+  * Feedback to improve a security method by investigating its strengths, weakness and limitations.
 **eRISE aims to provide the participants with the benefit of:**
   * Knowledge about various state-of-the art methods in the research field, on analyzing security risks  and requirements of a system;
-   * Opportunity to participate and work on an international collaborative project remotely.
+   * Opportunity to participate and work in international collaborative project.
-==== Research Question ====
+==== Research Questions ====
-  * **RQ1**//Are security requirements and risk methods effective when applied by someone different than their own inventor?//
+  * **RQ1** //Are security requirements and risk methods effective when applied by someone different than their own inventor?//
   * **RQ2** //Why are the methods effective? Why they are not?//
-Effectiveness means that a method assists the analyst to produce high quality security requirements with less time and less effort.
+A method is //effective// when it assists the analyst to produce high quality security requirements with less time and less effort.
 ==== Research Approach ====