A linear classifier based approach for identifying security requirements in open source software development
Journal of Industrial Information Integration (IF 15.7), Pub Date: 2018-11-05, DOI: 10.1016/j.jii.2018.11.001
Wentao Wang, Kavya Reddy Mahakala, Arushi Gupta, Nesrin Hussein, Yinglin Wang

There are several security requirements identification methods proposed by researchers in up-front requirements engineering (RE). However, in open source software (OSS) projects, developers use lightweight representations and refine requirements frequently by writing comments. They also tend to discuss security aspects in comments by providing code snippets, attachments, and external resource links. Since most security requirements identification methods in up-front RE are based on textual information retrieval techniques, these methods are not suitable for OSS projects or just-in-time RE. In this study, we proposed a linear-based approach to identify security requirements. It first uses logistic regression models (RMs) to calculate feature values for requirements in OSS projects. Then it uses the linear combination of all feature values to classify security and non-security requirements. Our results show that, compared to single RMs, our approach can achieve higher recall and precision.




Updated: 2018-11-05