Presented by Daniele Zottarel, Luigi Buglione and Fabrizio Di Cola
Session Description:
SNAP is the IFPUG methodology for assessing the non-functional dimension of software. The security requirements of an application generally involve both functional and non-functional requirements. In this presentation, we propose a SNAP-based approach to measuring the non-functional dimension of security requirements, starting from their necessary identification and separation from the functional requirements. Referring to an example of a typical application, we will propose a scheme for decomposing different security requirements into FURs and NFRs. Subsequently, for the NFRs only, the SNAP subcategories involved will be identified and the details of their counting will be provided.
Benefits for Participants:
- Decomposition of “Security User Requirements” into their Functional and Non-Functional aspects: focus on the need to separate FURs from NFRs in measuring the security requirements of an application
- Identification and description of the main sub-categories most frequently involved in the assessment of Security NFRs
- Non-functional assessment of security functionalities applied to practical occurrences of security functionalities in an example of a real application
Measuring NFRs in Application Security Functionalities is approved for Certified SNAP Specialist Certification Extension Activity.
Speaker Bio:
Daniele Zottarel was born in Rome in 1961 and graduated in Civil Engineering in 1987 at “La Sapienza” University. He has been working as an IT technician since 1989 at Sogei, the leading Italian company for Public Administration IT. For his company, he is currently the reference for Business Intelligence solutions for the Italian State Property Agency. He is CFPS “fellow” certified and carries out testing and methodological consultancy as a company referent on IFPUG metrics. Since 2020 he has been a member of the IFPUG Functional Sizing Standards Committee (FSSC) and since 2022 he has also been a member of the Non-Functional Sizing Standards Committee (NFSSC).
Luigi Buglione is a Measurement & Process Improvement Specialist at DXC Technology in Rome, Italy. Luigi is currently the IFPUG Secretary and Director for Partnerships and Academic Affairs, ISBSG Vice President and President of GUFPI-ISMA. He is a regular speaker at international conferences on Software/Service Measurement, Process Improvement and Quality and is an active member of international and national technical associations on such issues. He is also an ITIL4 and DevOps trainer. He has achieved several certifications (including IFPUG CFPS [FPA], CSS [SNAP] and CSMS and COSMIC CCFL for the Software Measurement side) and received a Ph.D. in MIS and a degree cum laude in Economics.
Fabrizio Di Cola holds a master's degree in Computer Engineering. He worked in university research and private consulting in the IT sector between 2000 and 2007. In 2007 he was hired by Sogei Spa as IT and Software Architect. He has been working in software measurement metrics as the company reference in this sector since 2011. He is currently responsible for coordinating the metrics competence center and related projects at Sogei. In the same role, he is involved in contract design and implementation. He works as a teacher for internal and external courses on software metrics. He received the CFPS in 2012, the PMP in 2016, the PMI-ACP in 2020, and the CSS in 2023. He is chair of the IFPUG committee for non-functional sizing standards (NFSSC). He was elected vice president of GUFPI-ISMA, the Italian association dedicated to software metrics, in 2025.