Data breaches, zero-day vulnerabilities, and attacks exploiting components core to global information technology (IT) infrastructure have become a mainstay of technology news over the last couple of years. Researchers and practitioners alike are vigorously trying to build detection and prevention capabilities to arrest this growing trend of loss due to poor security engineering and implementation discipline. Against this backdrop of advancements in every aspect of the information security industry, one area that needs a deeper look is security requirements engineering (SRE), and more specifically the reusability of knowledge cultivated over time when designing and building various security controls and mechanisms.