Tuesday, May 15, 2012

Inspiration - Correlation between Security Experience and Requirements Quality

As we analyze our survey responses, we see a pattern emerging: a sort of correlation between respondents' security experience and the quality of the requirements they put in. We have not analyzed the data yet in terms of this aspect, but it is definitely one worth studying. Increasing the scope of the paper? Maybe yes. It'll be an interesting observation.

One more thing we observe is a correlation between security experience and awareness of the CWE database. That would be an interesting study too. Looking forward to the results.

Friday, May 11, 2012

Follow Up Interviews - SE Faculty

As a follow-up to our surveys, we did a couple of interviews with SE faculty. Both of them seemed to concur with a majority of the requirements we obtained through the survey. However, two requirements stood out and showed how security experience could influence the quality of requirements we got. Could that be added as a result to our paper? We think yes. Any opinions?
To people who are curious to know what stood out:
1. The ability to add and customize the rules we have to analyze security.
2. Domain-specific rules.

They could form a significant part of the requirement space. Security Experience does influence the quality of requirements we get. Surprised? Maybe not. But could the others have thought about this? Definitely not.

Tuesday, May 1, 2012

Requirements Trends Till Date

It has been interesting to observe the responses to the survey till date. The following are the trends we observed till now:
1. Developers do not want a static analyzer, as they are already spoilt for choice.
2. 80% of the respondents wanted the application to be able to run as a plugin to their IDEs or other development environments.
3. 87% (intermediate) felt that this would be useful throughout the implementation iterations.