Automated Identification of Security and Privacy Requirements from Software Engineering Contracts

The increasing prevalence of information disclosure, data breach and privacy risk has obliged the incorporation of security and privacy measures while designing software systems. With rise in concerns related to security and privacy, different laws and regulations have been enacted to protect vulnerable information. Complying with these laws and regulations is essential for software systems to manage vulnerable information. To comply with these laws, it is important to identify obligatory security and privacy requirements from Software Engineering (SE) contracts while designing software systems. However, manually identifying these requirements from contracts is error-prone and a difficult task given that contracts are written in Legalese and is not comprehensible to software developers who have to implement these security and privacy measures into the software. To mitigate this, we propose an approach to automatically identify obligatory security and privacy requirements from SE contracts. Our approach leverages the power of state-of-the-art Natural Language Generation transformer model T5 (Text-to-Text Transfer Transformer). We achieved a Fl-score of 91% with T5 for identification of security and privacy requirements.