I. Introduction
Security is the discipline concerned with protecting systems from a wide range of threats that break the system by exploiting a vulnerability, i.e. a property of the system or its environment that, when faced with particular threats, can lead to failures [1]. Security is a multi-faceted problem; it is as much about understanding the domain in which systems operate as it is about the systems themselves. Recent research has argued for the importance of considering security during requirements engineering (RE), i.e. eliciting security requirements (SR). Some approaches have considered knowledge-based requirements elicitation, especially with ontologies [3]. Our own experience with RITA [2], a requirements elicitation method that exploits just one threat ontology, was that "being generic, the threats in the RITA ontology are not specific to the target [bank] industry". Experts involved in the evaluation complained about "the lack of specificity of the types of threats to the industry sector and the problem domain at hand". The problem that remains open is therefore that we need to exploit both security knowledge and domain knowledge to guide the elicitation of domain-specific SR. Our proposal is to use two kinds of ontologies in combination: a security ontology that embeds security-specific knowledge, and a domain ontology that encompasses domain-specific knowledge. The expected outcome is that the SR resulting from the combined use of both ontologies will be more domain-specific. The difficulty lies in (a) making sense out of two ontologies that are developed separately for different purposes, and (b) actually providing some sort of assurance towards the completeness of the requirements elicited with a method that combines security and domain ontologies. Besides, how can such a method be efficient if it relies on pre-selected ontologies? We need a method that works, as far as possible, with any security ontology and any domain ontology.