non-functional requirements

security November 24, 2021

ENISA: ADVANCING SOFTWARE SECURITY IN THE EU

While I was looking after some resources for a presentation, I found this interesting lecture from ENISA.   Advancing Software Security in the EU Download PDF document, 622 KB This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to different inherent aspects of the process. Lastly, it provides a number of practical considerations relevant to the different aspects of software development within the newly established EU cybersecurity certification framework and the EU cybersecurity certification schemes. Fundamental security principles are often overlooked during software development. This is because Security is a non functional feature. Functional requirements are about behaviour of the system towards the outside world (e.g. a user), whereas non-functional requirements are mainly about the internal mechanisms. Many of the security requirements are non-functional; for example on how to store passwords in a database. Security requirements originate from different sources, such as – explicit functional and non-functional requests from user(s), – requirements and obligations originating from the underlying legal framework – requirements that are considered as best practices, company policies, in widely accepted guidelines, from threat…

No Image

General March 26, 2014

What are functional and non functional requirements and why both matter

In software engineering (and Systems Engineering), a functional requirement defines a function of a system or its component. A function is described as a set of inputs, the behavior, and outputs (see also software). Functional requirements may be calculations, technical details, data manipulation and processing and other specific functionality that define what a system is supposed to accomplish. Behavioral requirements describing all the cases where the system uses the functional requirements are captured in use cases. A non-functional requirement is a requirement that specifies criteria that can be used to judge the operation of a system, rather than specific behaviors. This should be contrasted with functional requirements that define specific behavior or functions. The plan for implementing functional requirements is detailed in the system design. The plan for implementing non-functional requirements is detailed in the system architecture. So, with simpler words, the non-functional requirements, in addition to the obvious features and functions that you will provide in your system, are other requirements that don’t actually DO anything, but are important characteristics nevertheless. For example, attributes such as performance, security, usability, compatibility. aren’t a “feature” of the system, but are a required characteristic. Most of the time you can’t write a specific line of code to implement them, rather they are “emergent” properties that arise from the entire solution. The specification needs to describe any such attributes…

%d bloggers like this: