In this post, I will talk about misuse cases and steps to identify security requirements. Ivar Jacobson while working on large telecommunication systems introduced use cases. According to him use cases describe system's desired behavior in the form of a story ('Scenario')from the point view of a user or interfacing system('Actor') and supported by subsidiary scenarios in the form of alternatives and exceptions[Jacabson 1992]. On the other hand misuse cases are the inverse of use cases. The concept was coined in 1990s by Guttorm Sindre of the Norwegian University of Science and Technology, and Andreas L. Opdahl of the University of Bergen, Norway.

“Ambiguity” in requirements means a requirement can have different interpretations. This leads to incorrect developed software which in turn leads to substantial amount of rework as most of them are uncovered during testing phase. The paradigm of executable requirements is an attempt to remove such ambiguities.