Software security requirements management as an emerging cloud computing service

•We present concise methods, techniques, and best practice requirements management guidelines on software security.•Outlines features of the proposed requirements engineering and management as an emerging cloud service (SSREMaaES).•Developed an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators.•Application and process of using Microsoft SDLC for DDoS attacks on cloud services.•Illustrates our approach for a large cloud system Amazon EC2 service.

Emerging cloud applications are growing rapidly and the need for identifying and managing service requirements is also highly important and critical at present. Software Engineering and Information Systems has established techniques, methods and technology over two decades to help achieve cloud service requirements, design, development, and testing. However, due to the lack of understanding of software security vulnerabilities that should have been identified and managed during the requirements engineering phase, we have not been so successful in applying software engineering, information management, and requirements management principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security cannot just be added after a system has been built and delivered to customers as seen in today’s software applications. This paper provides concise methods, techniques, and best practice requirements engineering and management as an emerging cloud service (SSREMaaES) and also provides guidelines on software security as a service. This paper also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators. This paper illustrates our approach for a large cloud system Amazon EC2 service.