An Ontological Interface for Software Developers to Select Security Patterns

Turin (2008)

Abstract
In the software development lifecycle, security expertise is one common missing quality that needs to be addressed on a stronger footing, by taking advantage of the scaling effect of security patterns. Security patterns capture security experts' knowledge for a given security problem. Hence, they are produced by experts in security and consumed by novice security users, such as software developers. In this paper we present an ontology-based approach to find an eligible set of security patterns requested by software developers. We adopt the formal description of security properties presented in the Serenity EU project for defining our ground security requirements. We distinguish between two profiles for software developers and define a corresponding ontological interface. This ontological interface contains a mapping between security requirements on one side and threat models, security bugs, and security errors on the other side, taking into consideration their contexts of applicability. We describe the current status of this work in progress, where results are quite promising.
Keywords
security bug, software developers, security expertise, select security patterns, security problem, security pattern, security expert, novice security user, security property, ontological interface, ground security requirement, security error, software developer, security, work in progress, context modeling, ontologies, availability, ontology, owl, software engineering, software development lifecycle, expert systems, software development