Managing Software Security Knowledge in Context: An Ontology Based Approach
In the setting of software development, knowledge is both dynamic and situation specific, and its complexity usually exceeds what an individual can master alone. Software developers need knowledge not only of general security concepts but also of the context for which the software is being developed. Traditional security knowledge formats are usually organized in a security-centric way, which makes it difficult for knowledge users to retrieve the security information they need to meet the requirements of their working context. For security knowledge to be applied effectively and to become an integral part of practical software development, we argue that it must first incorporate additional features: specify which contextual information is to be handled, and then represent the security knowledge in a format that is understandable and acceptable to the individuals who use it. This study introduces a novel ontology-based approach for modeling security knowledge in a context-sensitive manner, so that security knowledge can be retrieved while taking the context of the application at hand into consideration. In this paper, we present our security ontology together with its design concepts and the evaluation process.