SecEval: An Evaluation Framework for Engineering Secure Systems.

Engineering secure software systems is not an easy task. Many methods, notations and tools – we call them knowledge objects – exist to support engineers in the development of such software. A main problem is the selection of appropriate knowledge objects. Therefore, we build the conceptual framework SECEVAL to support the evaluation and comparison of security features, vulnerabilities, methods, notations and tools. It provides an evaluation process and a model, which comprises concepts related to security context, data collection and data analysis. Our approach is validated by a case study in the area of security testing of web applications.