In this phase, all the business requirements are gathered and finalized by the project managers, the development team and the stakeholders. Along with this, special care is taken in specifying the security needs of the software. The security advisor plays the major role here, specifying how security is to be integrated into the development process, how to identify the key security features, and how to maximize security while minimizing disruptions and delays.

The primary components of the security specification that help ensure the implementation of secure software are:

  • Security rules, regulations and guidelines
  • Threat modelling or architectural and design reviews
  • Guidelines for secure coding
  • White box, grey box and black box testing
  • Determination of exploitability

Another feature of the requirements-gathering phase is the security risk assessment, in which the various functional aspects are analysed minutely. This risk assessment helps in identifying the cost and the complete set of requirements for the data that is governed by security considerations.