This event came to be as a result of a chance meeting. But sometimes, great things arise from chance. So it is with SREIS, and we hope
that this is the first in a series of events leading to better understanding of how to build systems with a higher level of assurance.
In May of 2000, the two of us (Annie and Spaf) were attending the National Colloquium on Information Systems Security Education (NCISSE) in
Washington. We met at the reception, and discovered that we were both alumni of Georgia Tech. We exchanged many stories about faculty and
Tech experiences we had in common, despite the difference in years between our student days. Interspersed with these droll reminiscences, we
discussed our research interests. It soon became apparent to us that there is a potential synergy between our respective research communities --
that security people are increasingly concerned with software quality, and requirements engineering people are looking for important challenges in
the design of software. So, after contacting a few of our colleagues for their opinions, we developed the plans for this event.
The primary goal of this symposium is to stimulate understanding, cross-fertilization and technology transfer between and among practitioners and
researchers in two communities: information security and requirements engineering. Our intent is to provide researchers and practitioners from these
disciplines with an interactive forum to discuss security and privacy-related requirements. Ideally, this forum will lead to the formation of alliances to
solve problems together in the future.
Our call for contributions was met with great enthusiasm. About the same number of papers were received from academia as industry, and we
attracted papers from six countries (Australia, Brazil, Canada, Korea, the UK, and the USA). The program committee selected papers dealing
directly with both requirements engineering and information security in various application domains. These included papers on electronic commerce,
wireless technologies and telecommunications, as well as papers addressing monitoring and guards against malicious activity. In the end, the
program committee selected slightly more than 40% of the papers submitted to compose the final program.
To complement these papers, we were able to solicit a keynote address by distinguished scientist, John Rushby. Dr. Rushby has been one of the
few people actively working in both the requirements engineering and information security communities over the years. Then, to underscore the
importance of the topic area, we were fortunate that NIAP agreed to hold their Government-Industry IT Security Forum in conjunction with
SREIS.
We would like to acknowledge and express our gratitude to all those who have made this symposium and program possible. Our sincere thanks to
the members of the program committee for soliciting contributions, providing their timely and impartial reviews, commenting on the program, and
most of all -- donating their time and expertise; to all the contributors, especially the authors, panelists, session and panel chairs; to NIAP and
NIST for their assistance in organizing this event, especially Dr. Ron Ross; to Dr. Michael Rappa of the e-Commerce Learning Center at North
Carolina State University, to ACM SIGSAC and ACM SIGSOFT, and to the Indiana Information Technology Association (INITA) for their
cooperation in organizing the symposium; to Dr. Peri Loucopolous and Dr. John Mylopolous, co-editors of the Requirements Engineering Journal,
for allowing us to invite the best papers from the symposium for a special issue to appear later this year; thanks to Nathan Denton for the CD art
and animation; to the Purdue University conference office, and especially
John Wellman; and last, but not least, we extend our sincere thanks to Dr. Melissa Dark of CERIAS, for doing such a fantastic job managing the
local arrangements.
We hope you find the symposium educational, energizing, and thought-provoking. Most of all, we hope it sparks an interest in creating new
working relationships and collaborations among the attendees. We would very much like to see some exciting new results engendered by this event
presented at SREIS II, to be held sometime in 2002.
Welcome to the First Symposium on Requirements Engineering for Information Security and thank you for participating!
