Governance-focused Classification of Security and Privacy Requirements from Obligations in Software Engineering Contracts (Research Track: Technical design)
[Context and Motivation] Security and Privacy (SP) compliance is an important aspect of running a business successfully. Compliance with SP requirements by Software Engineering (SE) vendors, both in the systems they implement and in the practices they follow while implementing them, gives customers assurance that their data is accessed, stored, and processed securely. Failure to comply, on the other hand, can entail heavy fines and lawsuits, and may even lead to loss of business when the software is prohibited in the corresponding jurisdictions. SE contracts are known to be a useful source for deriving software requirements.

[Question/problem] Mining any kind of information from contracts is a daunting task, given that contracts are large and complex documents written in legalese.

[Principal ideas/results] We employ an exploratory study to come up with a model for a governance-focused classification of the SP requirements present in SE contracts. Next, we report experiments conducted with Recurrent Neural Networks and Transformer-based models to automate this classification. Experiments conducted on 960 SE contracts received from a large vendor organization indicate that T5 performs best for both the SP identification task and the classification task. With T5, we obtained an average F1 score of 0.90 each for the identification of Security and of Privacy requirements. For the governance-focused classification, we obtained an average F1 score of 0.81 for the Security class and 0.80 for the Privacy class.

[Contribution] Through an exploratory study, we present a model for a governance-focused classification of the SP requirements present in SE contracts. We further automate the extraction and the governance-focused classification of SP requirements by conducting experiments using 960 real-life SE contracts received from a large vendor organization.
Tue 9 Apr (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)

14:00 - 15:30 | Quality Requirements (R4), Research Track, at Vorhangsaal Conference room MA-E0.46. Chair(s): Laura Semini, Università di Pisa - Dipartimento di Informatica

14:00, 40m Talk | A New Usability Inspection Method: Experience-based Analysis (Technical design, Research Track). P: Anu Piirisild, Institute of Computer Science, University of Tartu; A: Ana Perandrés Gómez, Ageing Lab Foundation; A: Kuldar Taveter, University of Tartu, Estonia; D: Preethu Rose Anish, TCS Research

14:40, 40m Talk | Governance-focused Classification of Security and Privacy Requirements from Obligations in Software Engineering Contracts (Technical design, Research Track). P: Preethu Rose Anish, TCS Research; A: Aparna Verma, TATA Consultancy Services; A: Sivanthy Venkatesan, TATA Consultancy Services; A: Logamurugan V, TATA Consultancy Services; A: Smita Ghaisas, TCS Research; D: Anu Piirisild, Institute of Computer Science, University of Tartu