Maintaining requirements for long-living software systems by incorporating security knowledge

This paper presents an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents and proposes a method based on natural language analysis to refine and to adapt security knowledge.