{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T23:24:21Z","timestamp":1763767461076,"version":"3.37.3"},"reference-count":76,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,9,18]],"date-time":"2022-09-18T00:00:00Z","timestamp":1663459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,9,18]],"date-time":"2022-09-18T00:00:00Z","timestamp":1663459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100002322","name":"Coordena\u00e7\u00e3o de Aperfei\u00e7oamento de Pessoal de N\u00edvel Superior","doi-asserted-by":"publisher","award":["001"],"award-info":[{"award-number":["001"]}],"id":[{"id":"10.13039\/501100002322","id-type":"DOI","asserted-by":"publisher"}]},{"name":"KKS foundation Profile Project ReThought.se."},{"DOI":"10.13039\/501100021680","name":"NOVA LINCS Research Laboratory","doi-asserted-by":"crossref","award":["UID\/CEC\/04516\/-2019"],"award-info":[{"award-number":["UID\/CEC\/04516\/-2019"]}],"id":[{"id":"10.13039\/501100021680","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Requirements Eng"],"published-print":{"date-parts":[[2023,6]]},"DOI":"10.1007\/s00766-022-00388-2","type":"journal-article","created":{"date-parts":[[2022,9,18]],"date-time":"2022-09-18T17:02:39Z","timestamp":1663520559000},"page":"229-255","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Evaluating a privacy requirements specification method by using a mixed-method approach: results and lessons learned"],"prefix":"10.1007","volume":"28","author":[{"given":"Mariana","family":"Peixoto","sequence":"first","affiliation":[]},{"given":"Carla","family":"Silva","sequence":"additional","affiliation":[]},{"given":"Jo\u00e3o","family":"Ara\u00fajo","sequence":"additional","affiliation":[]},{"given":"Tony","family":"Gorschek","sequence":"additional","affiliation":[]},{"given":"Alexandre","family":"Vasconcelos","sequence":"additional","affiliation":[]},{"given":"J\u00e9ssyka","family":"Vilela","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,18]]},"reference":[{"key":"388_CR1","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/1454\/1\/012001","volume":"1454","author":"K AbdElazim","year":"2020","unstructured":"AbdElazim K, Moawad R, Elfakharany E (2020) A framework for requirements prioritization process in Agile software development. J Phys Conf Ser 1454:012001. https:\/\/doi.org\/10.1088\/1742-6596\/1454\/1\/012001","journal-title":"J Phys Conf Ser"},{"issue":"1","key":"388_CR2","doi-asserted-by":"publisher","first-page":"143","DOI":"10.14569\/IJACSA.2014.050120","volume":"5","author":"S Alharbi","year":"2014","unstructured":"Alharbi S, Drew S (2014) Using the technology acceptance model in understanding academics\u2019 behavioural intention to use learning management systems. Int J Adv Comput Sci Appl 5(1):143\u2013155. https:\/\/doi.org\/10.14569\/IJACSA.2014.050120","journal-title":"Int J Adv Comput Sci Appl"},{"key":"388_CR3","unstructured":"Altman I (1975) The environment and social behavior: privacy, personal space, territory, and crowding. ERIC"},{"issue":"1","key":"388_CR4","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/s00766-016-0258-2","volume":"23","author":"T Ambreen","year":"2018","unstructured":"Ambreen T, Ikram N, Usman M, Niazi M (2018) Empirical research in requirements engineering: trends and opportunities. Requirements Eng 23(1):63\u201395. https:\/\/doi.org\/10.1007\/s00766-016-0258-2","journal-title":"Requirements Eng"},{"key":"388_CR5","doi-asserted-by":"publisher","unstructured":"Ant\u00f3n AI, Earp JB (2001) Strategies for developing policies and requirements for secure and private electronic commerce. In: E-commerce security and privacy. Springer, Boston, pp 67\u201386. https:\/\/doi.org\/10.1007\/978-1-4615-1467-1_5","DOI":"10.1007\/978-1-4615-1467-1_5"},{"key":"388_CR6","unstructured":"Assembly UG (1948) Universal declaration of human rights. UN General Assembly 302(2)"},{"key":"388_CR7","doi-asserted-by":"publisher","unstructured":"Ayala-Rivera V, Pasquale L (2018) The grace period has ended: an approach to operationalize GDPR requirements. In: 2018 IEEE 26th international requirements engineering conference (RE). IEEE, pp 136\u2013146. https:\/\/doi.org\/10.1109\/RE.2018.00023","DOI":"10.1109\/RE.2018.00023"},{"key":"388_CR8","unstructured":"Ayed GB, Ghernaouti-H\u00e9lie S (2011) Privacy requirements specification for digital identity management systems implementation: towards a digital society of privacy. In: 2011 international conference for internet technology and secured transactions (ICITST). IEEE, pp 602\u2013607. https:\/\/ieeexplore.ieee.org\/abstract\/document\/6148406"},{"key":"388_CR9","doi-asserted-by":"publisher","unstructured":"Bartolini C, Daoudagh S, Lenzini G, Marchetti E (2019) GDPR-based user stories in the access control perspective. In: Quality of information and communications technology. Springer, Cham, pp 3\u201317. https:\/\/doi.org\/10.1007\/978-3-030-29238-6_1","DOI":"10.1007\/978-3-030-29238-6_1"},{"key":"388_CR10","doi-asserted-by":"publisher","unstructured":"Basso T, Montecchi L, Moraes R, Jino M, Bondavalli A (2015) Towards a UML profile for privacy-aware applications. In: 2015 IEEE international conference on computer and information technology; ubiquitous computing and communications; dependable, autonomic and secure computing; pervasive intelligence and computing, pp 371\u2013378. https:\/\/doi.org\/10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.53","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.53"},{"key":"388_CR11","doi-asserted-by":"publisher","unstructured":"Behutiye W, Karhap\u00e4\u00e4 P, Costal D, Oivo M, Franch X (2017) Non-functional requirements documentation in Agile software development: challenges and solution proposal. In: Product-focused software process improvement. Springer, Cham, pp 515\u2013522. https:\/\/doi.org\/10.1007\/978-3-319-69926-4_41","DOI":"10.1007\/978-3-319-69926-4_41"},{"key":"388_CR12","unstructured":"Bijwe A, Mead N (2010) Adapting the square process for privacy requirements engineering. Software Engineering Institute. Carnegie Mellon University, technical report, CMU\/SEI-2010-TN-022. Technical report. https:\/\/resources.sei.cmu.edu\/asset_files\/technicalnote\/2010_004_001_15185.pdf"},{"key":"388_CR13","doi-asserted-by":"publisher","unstructured":"Bik N, Lucassen G, Brinkkemper S (2017) A reference method for user story requirements in Agile systems development. In: 2017 IEEE 25th international requirements engineering conference workshops (REW), pp 292\u2013298. https:\/\/doi.org\/10.1109\/REW.2017.83","DOI":"10.1109\/REW.2017.83"},{"issue":"5","key":"388_CR14","doi-asserted-by":"publisher","first-page":"193","DOI":"10.2307\/1321160","volume":"4","author":"L Brandeis","year":"1890","unstructured":"Brandeis L, Warren S (1890) The right to privacy. Harv Law Rev 4(5):193\u2013220","journal-title":"Harv Law Rev"},{"key":"388_CR15","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-022-00382-8","author":"ED Canedo","year":"2022","unstructured":"Canedo ED, Bandeira IN, Calazans ATS, Costa PHT, Can\u00e7ado ECR, Bonif\u00e1cio R (2022) Privacy requirements elicitation: a systematic literature review and perception analysis of it practitioners. Requir Eng. https:\/\/doi.org\/10.1007\/s00766-022-00382-8","journal-title":"Requir Eng"},{"key":"388_CR16","doi-asserted-by":"publisher","unstructured":"Carver J, Jaccheri L, Morasca S, Shull F (2003) Issues in using students in empirical studies in software engineering education. In: Proceedings. 5th international workshop on enterprise networking and computing in healthcare industry (IEEE Cat. No.03EX717), pp 239\u2013249. https:\/\/doi.org\/10.1109\/METRIC.2003.1232471","DOI":"10.1109\/METRIC.2003.1232471"},{"issue":"1","key":"388_CR17","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/s10664-009-9109-9","volume":"15","author":"JC Carver","year":"2010","unstructured":"Carver JC, Jaccheri L, Morasca S, Shull F (2010) A checklist for integrating student empirical studies with research and teaching goals. Empir Softw Eng 15(1):35\u201359. https:\/\/doi.org\/10.1007\/s10664-009-9109-9","journal-title":"Empir Softw Eng"},{"key":"388_CR18","unstructured":"Cavoukian A (2009) Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5. https:\/\/privacy.ucsc.edu\/resources\/privacy-by-design---foundational-principles.pdf"},{"issue":"Issue 9","key":"388_CR19","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1145\/2330667.2330669","volume":"55","author":"A Cavoukian","year":"2012","unstructured":"Cavoukian A (2012) Operationalizing privacy by design: a guide to implementing. Commun ACM 55(Issue 9):7. https:\/\/doi.org\/10.1145\/2330667.2330669","journal-title":"Commun ACM"},{"issue":"4","key":"388_CR20","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/s00766-020-00333-1","volume":"25","author":"L Chazette","year":"2020","unstructured":"Chazette L, Schneider K (2020) Explainability as a non-functional requirement: challenges and recommendations. Requirements Eng 25(4):493\u2013514. https:\/\/doi.org\/10.1007\/s00766-020-00333-1","journal-title":"Requirements Eng"},{"key":"388_CR21","volume-title":"User stories applied: for Agile software development","author":"M Cohn","year":"2004","unstructured":"Cohn M (2004) User stories applied: for Agile software development. Addison-Wesley Professional, Reading"},{"key":"388_CR22","volume-title":"Educational research: planning, conducting, and evaluating quantitative","author":"JW Creswell","year":"2002","unstructured":"Creswell JW (2002) Educational research: planning, conducting, and evaluating quantitative. Prentice Hall, Upper Saddle River, NJ"},{"key":"388_CR23","volume-title":"Research design: qualitative, quantitative, and mixed methods approaches","author":"JW Creswell","year":"2017","unstructured":"Creswell JW, Creswell JD (2017) Research design: qualitative, quantitative, and mixed methods approaches. Sage Publications, Thousand Oaks"},{"key":"388_CR24","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1016\/j.jss.2018.01.036","volume":"139","author":"K Curcio","year":"2018","unstructured":"Curcio K, Navarro T, Malucelli A, Reinehr S (2018) Requirements engineering: a systematic mapping study in agile software development. J Syst Softw 139:32\u201350. https:\/\/doi.org\/10.1016\/j.jss.2018.01.036","journal-title":"J Syst Softw"},{"issue":"3","key":"388_CR25","doi-asserted-by":"publisher","first-page":"319","DOI":"10.2307\/249008","volume":"13","author":"FD Davis","year":"1989","unstructured":"Davis FD (1989) Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q 13(3):319\u2013340. https:\/\/doi.org\/10.2307\/249008","journal-title":"MIS Q"},{"key":"388_CR26","volume-title":"The Stanford encyclopedia of philosophy","author":"J DeCew","year":"2018","unstructured":"DeCew J (2018) Privacy. In: Zalta EN (ed) The Stanford encyclopedia of philosophy, spring 2018. Metaphysics Research Lab, Stanford University, Stanford","edition":"spring 2018"},{"issue":"1","key":"388_CR27","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s00766-010-0115-7","volume":"16","author":"M Deng","year":"2011","unstructured":"Deng M, Wuyts K, Scandariato R, Preneel B, Joosen W (2011) A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir Eng 16(1):3\u201332. https:\/\/doi.org\/10.1007\/s00766-010-0115-7","journal-title":"Requir Eng"},{"key":"388_CR28","doi-asserted-by":"publisher","unstructured":"Easterbrook S, Singer J, Storey MA, Damian D (2008) Selecting empirical methods for software engineering research. In: Guide to advanced empirical SE. Springer, London, pp 285\u2013311. https:\/\/doi.org\/10.1007\/978-1-84800-044-5_11","DOI":"10.1007\/978-1-84800-044-5_11"},{"issue":"1","key":"388_CR29","doi-asserted-by":"publisher","first-page":"452","DOI":"10.1007\/s10664-017-9523-3","volume":"23","author":"D Falessi","year":"2018","unstructured":"Falessi D, Juristo N, Wohlin C, Turhan B, M\u00fcnch J, Jedlitschka A, Oivo M (2018) Empirical software engineering experts on the use of students and professionals in experiments. Empir Softw Eng 23(1):452\u2013489. https:\/\/doi.org\/10.1007\/s10664-017-9523-3","journal-title":"Empir Softw Eng"},{"issue":"2","key":"388_CR30","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/s00766-010-0099-3","volume":"15","author":"R Ferrari","year":"2010","unstructured":"Ferrari R, Miller JA, Madhavji NH (2010) A controlled experiment to assess the impact of system architectures on new system requirements. Requirements Eng 15(2):215\u2013233. https:\/\/doi.org\/10.1007\/s00766-010-0099-3","journal-title":"Requirements Eng"},{"key":"388_CR31","doi-asserted-by":"publisher","unstructured":"Gharib M, Giorgini P, Mylopoulos J (2017) Towards an ontology for privacy requirements via a systematic literature review. In: Conceptual modeling. Springer, Cham, pp 193\u2013208. https:\/\/doi.org\/10.1007\/978-3-319-69904-2_16","DOI":"10.1007\/978-3-319-69904-2_16"},{"key":"388_CR32","doi-asserted-by":"publisher","unstructured":"Gharib M, Mylopoulos J, Giorgini P (2020) COPri\u2014a core ontology for privacy requirements engineering. In: International conference on research challenges in information science. Springer, Cham, pp 472\u2013489. https:\/\/doi.org\/10.1007\/978-3-030-50316-1_28","DOI":"10.1007\/978-3-030-50316-1_28"},{"issue":"1","key":"388_CR33","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/s10664-017-9517-1","volume":"23","author":"I Hadar","year":"2018","unstructured":"Hadar I, Hasson T, Ayalon O, Toch E, Birnhack M, Sherman S, Balissa A (2018) Privacy by designers: software developers\u2019 privacy mindset. Empir Softw Eng 23(1):259\u2013289. https:\/\/doi.org\/10.1007\/s10664-017-9517-1","journal-title":"Empir Softw Eng"},{"key":"388_CR34","doi-asserted-by":"publisher","unstructured":"Hart SG, Staveland LE (1988) Development of NASA-TLX (Task Load Index): results of empirical and theoretical research. In: Human mental workload, advances in psychology, vol\u00a052. North-Holland, pp 139\u2013183. https:\/\/doi.org\/10.1016\/S0166-4115(08)62386-9","DOI":"10.1016\/S0166-4115(08)62386-9"},{"key":"388_CR35","doi-asserted-by":"publisher","unstructured":"Heaps J, Krishnan R, Huang Y, Niu J, Sandhu R (2021) Access control policy generation from user stories using machine learning. In: Data and applications security and privacy XXXV. Springer, Cham, pp 171\u2013188. https:\/\/doi.org\/10.1007\/978-3-030-81242-3_10","DOI":"10.1007\/978-3-030-81242-3_10"},{"issue":"3","key":"388_CR36","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1023\/A:1026586415054","volume":"5","author":"M H\u00f6st","year":"2000","unstructured":"H\u00f6st M, Regnell B, Wohlin C (2000) Using students as subjects-a comparative study of students and professionals in lead-time impact assessment. Empir Softw Eng 5(3):201\u2013214. https:\/\/doi.org\/10.1023\/A:1026586415054","journal-title":"Empir Softw Eng"},{"key":"388_CR37","unstructured":"ISO I (2011) IEEE. 29148: 2011-systems and software engineering-requirements engineering. Technical report"},{"key":"388_CR38","doi-asserted-by":"publisher","first-page":"609","DOI":"10.1007\/978-3-030-04771-9_46","volume-title":"Software technologies: applications and foundations","author":"JLC Izquierdo","year":"2018","unstructured":"Izquierdo JLC, Salas J (2018) A uml profile for privacy enforcement. Software technologies: applications and foundations. Springer, Cham, pp 609\u2013616"},{"issue":"3","key":"388_CR39","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/s00766-008-0067-3","volume":"13","author":"C Kalloniatis","year":"2008","unstructured":"Kalloniatis C, Kavakli E, Gritzalis S (2008) Addressing privacy requirements in system design: the PriS method. Requir Eng 13(3):241\u2013255. https:\/\/doi.org\/10.1007\/s00766-008-0067-3","journal-title":"Requir Eng"},{"key":"388_CR40","doi-asserted-by":"publisher","unstructured":"Kalloniatis C, Kavakli E, Gritzalis S (2009) Methods for designing privacy aware information systems: a review. In: 2009 13th panhellenic conference on informatics. IEEE, pp 185\u2013194. https:\/\/doi.org\/10.1109\/PCI.2009.45","DOI":"10.1109\/PCI.2009.45"},{"key":"388_CR41","doi-asserted-by":"publisher","unstructured":"Kasauli R, Liebel G, Knauss E, Gopakumar S, Kanagwa B (2017) Requirements engineering challenges in large-scale agile system development. In: 2017 IEEE 25th international requirements engineering conference (RE). IEEE, pp 352\u2013361. https:\/\/doi.org\/10.1109\/RE.2017.60","DOI":"10.1109\/RE.2017.60"},{"key":"388_CR42","doi-asserted-by":"publisher","unstructured":"Labda W, Mehandjiev N, Sampaio P (2014) Modeling of privacy-aware business processes in BPMN to protect personal data. In: Proceedings of the 29th annual ACM symposium on applied computing. Association for Computing Machinery, New York, NY, USA, SAC \u201914, pp 1399\u20131405. https:\/\/doi.org\/10.1145\/2554850.2555014","DOI":"10.1145\/2554850.2555014"},{"key":"388_CR43","doi-asserted-by":"publisher","unstructured":"Lucassen G, Dalpiaz F, Van\u00a0der Werf J, Brinkkemper S (2016) The use and effectiveness of user stories in practice. In: Requirements engineering: foundation for software quality. Springer, Cham, pp 205\u2013222. https:\/\/doi.org\/10.1007\/978-3-319-30282-9_14","DOI":"10.1007\/978-3-319-30282-9_14"},{"issue":"3","key":"388_CR44","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/s00766-016-0250-x","volume":"21","author":"G Lucassen","year":"2016","unstructured":"Lucassen G, Dalpiaz F, Van der Werf JME, Brinkkemper S (2016) Improving agile requirements: the quality user story framework and tool. Requir Eng 21(3):383\u2013403. https:\/\/doi.org\/10.1007\/s00766-016-0250-x","journal-title":"Requir Eng"},{"key":"388_CR45","doi-asserted-by":"publisher","unstructured":"Lucassen G, Dalpiaz F, van\u00a0der Werf J, Brinkkemper S (2017) Improving user story practice with the grimm method: a multiple case study in the software industry. In: Requirements engineering: foundation for software quality. Springer, Cham, pp 235\u2013252. https:\/\/doi.org\/10.1007\/978-3-319-54045-0_18","DOI":"10.1007\/978-3-319-54045-0_18"},{"key":"388_CR46","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/j.infsof.2018.04.007","volume":"100","author":"PX Mai","year":"2018","unstructured":"Mai PX, Goknil A, Shar LK, Pastore F, Briand LC, Shaame S (2018) Modeling security and privacy requirements: a use case-driven approach. Inf Softw Technol 100:165\u2013182. https:\/\/doi.org\/10.1016\/j.infsof.2018.04.007","journal-title":"Inf Softw Technol"},{"issue":"8","key":"388_CR47","doi-asserted-by":"publisher","first-page":"609","DOI":"10.1016\/j.is.2004.06.002","volume":"30","author":"H Mouratidis","year":"2005","unstructured":"Mouratidis H, Giorgini P, Manson G (2005) When security meets software engineering: a case of modelling secure information systems. Inf Syst 30(8):609\u2013629. https:\/\/doi.org\/10.1016\/j.is.2004.06.002","journal-title":"Inf Syst"},{"issue":"9","key":"388_CR48","doi-asserted-by":"publisher","first-page":"2276","DOI":"10.1016\/j.jss.2013.03.011","volume":"86","author":"H Mouratidis","year":"2013","unstructured":"Mouratidis H, Islam S, Kalloniatis C, Gritzalis S (2013) A framework to support selection of cloud providers based on security and privacy requirements. J Syst Softw 86(9):2276\u20132293. https:\/\/doi.org\/10.1016\/j.jss.2013.03.011","journal-title":"J Syst Softw"},{"issue":"1","key":"388_CR49","doi-asserted-by":"publisher","first-page":"13","DOI":"10.20982\/tqmp.04.1.p013","volume":"4","author":"N Nachar","year":"2008","unstructured":"Nachar N (2008) The Mann\u2013Whitney u: a test for assessing whether two independent samples come from the same distribution. Tutor Quant Methods Psychol 4(1):13\u201320. https:\/\/doi.org\/10.20982\/tqmp.04.1.p013","journal-title":"Tutor Quant Methods Psychol"},{"key":"388_CR50","unstructured":"Nguyen M (2010) Empirical evaluation of a universal requirements engineering process maturity model"},{"key":"388_CR51","doi-asserted-by":"publisher","DOI":"10.1515\/9780804772891","volume-title":"Privacy in context: technology, policy, and the integrity of social life","author":"H Nissenbaum","year":"2009","unstructured":"Nissenbaum H (2009) Privacy in context: technology, policy, and the integrity of social life. Stanford University Press, California"},{"key":"388_CR52","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/s00766-022-00373-9","volume":"27","author":"T Olsson","year":"2022","unstructured":"Olsson T, Sentilles S, Papatheocharous E (2022) A systematic literature review of empirical research on quality requirements. Requir Eng 27:249\u2013271. https:\/\/doi.org\/10.1007\/s00766-022-00373-9","journal-title":"Requir Eng"},{"key":"388_CR53","volume-title":"Goal-oriented requirements engineering with KAOS","author":"S Pachidi","year":"2009","unstructured":"Pachidi S (2009) Goal-oriented requirements engineering with KAOS. Utrecht University, Utrecht"},{"key":"388_CR54","doi-asserted-by":"publisher","unstructured":"Pullonen P, Matulevi\u010dius R, Bogdanov D (2017) PE-BPMN: privacy-enhanced business process model and notation. In: International conference on business process management. Springer, Cham, pp 40\u201356. https:\/\/doi.org\/10.1007\/978-3-319-65000-5_3","DOI":"10.1007\/978-3-319-65000-5_3"},{"key":"388_CR55","doi-asserted-by":"crossref","unstructured":"Rygge H, J\u00f8sang A (2018) Threat poker: solving security and privacy threats in agile software development. In: Nordic conference on secure IT systems. Springer, pp 468\u2013483","DOI":"10.1007\/978-3-030-03638-6_29"},{"key":"388_CR56","doi-asserted-by":"crossref","unstructured":"Salman I, Misirli AT, Juristo N (2015) Are students representatives of professionals in software engineering experiments? In: 2015 IEEE\/ACM 37th IEEE international conference on software engineering, vol\u00a01. IEEE, pp 666\u2013676","DOI":"10.1109\/ICSE.2015.82"},{"key":"388_CR57","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/s00766-021-00363-3","volume":"27","author":"PO Santos","year":"2022","unstructured":"Santos PO, de Carvalho MM (2022) Exploring the challenges and benefits for scaling agile project management to large projects: a review. Requir Eng 27:117\u2013134. https:\/\/doi.org\/10.1007\/s00766-021-00363-3","journal-title":"Requir Eng"},{"key":"388_CR58","unstructured":"Spafford EH, Ant\u00f3n AI (2007) The balance of privacy and security. In: Science and technology in society: from biotechnology to the internet"},{"issue":"1","key":"388_CR59","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1109\/TSE.2008.88","volume":"35","author":"S Spiekermann","year":"2009","unstructured":"Spiekermann S, Cranor LF (2009) Engineering privacy. IEEE Trans Softw Eng 35(1):67\u201382. https:\/\/doi.org\/10.1109\/TSE.2008.88","journal-title":"IEEE Trans Softw Eng"},{"issue":"3","key":"388_CR60","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/s00766-012-0153-4","volume":"18","author":"H Suleiman","year":"2013","unstructured":"Suleiman H, Svetinovic D (2013) Evaluating the effectiveness of the security quality requirements engineering (square) method: a case study using smart grid advanced metering infrastructure. Requir Eng 18(3):251\u2013279. https:\/\/doi.org\/10.1007\/s00766-012-0153-4","journal-title":"Requir Eng"},{"key":"388_CR61","doi-asserted-by":"crossref","unstructured":"Svahnberg M, Aurum A, Wohlin C (2008) Using students as subjects-an empirical evaluation. In: Proceedings of the second ACM-IEEE international symposium on Empirical software engineering and measurement, pp 288\u2013290","DOI":"10.1145\/1414004.1414055"},{"key":"388_CR62","doi-asserted-by":"publisher","unstructured":"Thomas K, Bandara AK, Price BA, Nuseibeh B (2014) Distilling privacy requirements for mobile applications. In: Proceedings of the 36th international conference on software engineering. Association for Computing Machinery, New York, NY, USA, ICSE 2014, pp 871\u2013882. https:\/\/doi.org\/10.1145\/2568225.2568240","DOI":"10.1145\/2568225.2568240"},{"issue":"2","key":"388_CR63","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1287\/mnsc.46.2.186.11926","volume":"46","author":"V Venkatesh","year":"2000","unstructured":"Venkatesh V, Davis FD (2000) A theoretical extension of the technology acceptance model: four longitudinal field studies. Manag Sci 46(2):186\u2013204","journal-title":"Manag Sci"},{"key":"388_CR64","unstructured":"Viitaniemi M (2017) Privacy by design in agile software development. Master\u2019s thesis, Tampere University of Technology"},{"issue":"3","key":"388_CR65","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.2018.2846576","volume":"46","author":"J Vilela","year":"2020","unstructured":"Vilela J, Castro J, Martins LEG, Gorschek T (2020) Safety practices in requirements engineering: the Uni-REPM safety module. IEEE Trans Softw Eng 46(3):222\u2013250. https:\/\/doi.org\/10.1109\/TSE.2018.2846576","journal-title":"IEEE Trans Softw Eng"},{"issue":"4","key":"388_CR66","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/s00766-020-00338-w","volume":"25","author":"H Villamizar","year":"2020","unstructured":"Villamizar H, Kalinowski M, Garcia A, Mendez D (2020) An efficient approach for reviewing security-related aspects in agile requirements specifications of web applications. Requir Eng 25(4):439\u2013468. https:\/\/doi.org\/10.1007\/s00766-020-00338-w","journal-title":"Requir Eng"},{"issue":"1","key":"388_CR67","doi-asserted-by":"publisher","first-page":"15","DOI":"10.19153\/cleiej.21.1.6","volume":"21","author":"S Wagner","year":"2018","unstructured":"Wagner S, M\u00e9ndez-Fern\u00e1ndez D, Kalinowski M, Felderer M (2018) Agile requirements engineering in practice: status quo and critical problems. CLEI Electron J 21(1):15. https:\/\/doi.org\/10.19153\/cleiej.21.1.6","journal-title":"CLEI Electron J"},{"issue":"2","key":"388_CR68","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1145\/3306607","volume":"28","author":"S Wagner","year":"2019","unstructured":"Wagner S, Fern\u00e1ndez DM, Felderer M, Vetr\u00f2 A, Kalinowski M, Wieringa R, Pfahl D, Conte T, Christiansson MT, Greer D, Lassenius C, M\u00e4nnist\u00f6 T, Nayebi M, Oivo M, Penzenstadler B, Prikladnicki R, Ruhe G, Schekelmann A, Sen S, Sp\u00ednola R, Tuzcu A, De La Vara JL, Winkler D (2019) Status quo in requirements engineering: a theory and a global family of surveys. ACM Trans Softw Eng Methodol (TOSEM) 28(2):9. https:\/\/doi.org\/10.1145\/3306607","journal-title":"ACM Trans Softw Eng Methodol (TOSEM)"},{"key":"388_CR69","volume-title":"Privacy and freedom","author":"AF Westin","year":"1967","unstructured":"Westin AF, Ruebhausen OM (1967) Privacy and freedom, vol 1. Atheneum, New York"},{"key":"388_CR70","doi-asserted-by":"crossref","unstructured":"Wohlin C, H\u00f6st M, Henningsson K (2003) Empirical research methods in software engineering. In: Empirical methods and studies in software engineering. Springer, pp 7\u201323","DOI":"10.1007\/978-3-540-45143-3_2"},{"key":"388_CR71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29044-2","volume-title":"Experimentation in software engineering","author":"C Wohlin","year":"2012","unstructured":"Wohlin C, Runeson P, H\u00f6st M, Ohlsson MC, Regnell B, Wessl\u00e9n A (2012) Experimentation in software engineering. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-642-29044-2"},{"key":"388_CR72","doi-asserted-by":"publisher","unstructured":"Peixoto M, Silva C, Lima R, Ara \u0301ujo J, Gorschek T, Silva J (2019) PCM Tool: Privacy Requirements Specification in Agile Software Development. In: 10th Brazilian Software Conference: Theory and Practice (CBSoft\u201919), Extended Annals of the, SBC, Porto Alegre, RS, Brasil, pp 108\u2013113. https:\/\/doi.org\/10.5753\/cbsoft_estendido.2019.7666","DOI":"10.5753\/cbsoft_estendido.2019.7666"},{"key":"388_CR73","doi-asserted-by":"publisher","unstructured":"Peixoto MM, Silva C (2018) Specifying privacy requirements with goal-oriented modeling lanuages. In: Proceedings of the XXXII Brazilian Symposium on Software Engineering, Association for Computing Machinery, New York, NY, USA, SBES\u201918, pp 112\u2013121. https:\/\/doi.org\/10.1145\/3266237.3266270","DOI":"10.1145\/3266237.3266270"},{"key":"388_CR74","doi-asserted-by":"publisher","unstructured":"Peixoto M, Ferreira D, Cavalcanti M, Silva C, Vilela J, Ara\u00fajo J, Gorschek T (2020) On undertanding how developers perceive and interpret privacy requirements research preview. In: Requirements Engineering: Foundation for Software Quality: 26th International Working Conference, REFSQ 2020, Pisa, Italy, March 24\u201327, 2020, Proceedings, Springer-Verlag, Berlin, Heidelberg, pp 116\u2013123.\u00a0https:\/\/doi.org\/10.1007\/978-3-030-44429-7_8","DOI":"10.1007\/978-3-030-44429-7_8"},{"key":"388_CR75","doi-asserted-by":"publisher","unstructured":"Medeiros J, Vasconcelos A, Silva C, Goul\u00e3o M (2018) Quality of software requirements specification in agile projects: A cross-case analysis of six companies. J Syst Softw 142:171\u2013194. https:\/\/doi.org\/10.1016\/j.jss.2018.04.064","DOI":"10.1016\/j.jss.2018.04.064"},{"key":"388_CR76","doi-asserted-by":"publisher","first-page":"876","DOI":"10.1007\/s11390-018-1864-x","volume":"33","author":"L Zhang","year":"2018","unstructured":"Zhang L, Tian JH, Jiang J, Liu YJ, Pu MY, Yue T (2018) Empirical research in software engineering\u2014a literature survey. J Comput Sci Technol 33:876\u2013899. https:\/\/doi.org\/10.1007\/s11390-018-1864-x","journal-title":"J Comput Sci Technol"}],"container-title":["Requirements Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-022-00388-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00766-022-00388-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-022-00388-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,10]],"date-time":"2023-05-10T23:39:46Z","timestamp":1683761986000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00766-022-00388-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,9,18]]},"references-count":76,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,6]]}},"alternative-id":["388"],"URL":"https:\/\/doi.org\/10.1007\/s00766-022-00388-2","relation":{},"ISSN":["0947-3602","1432-010X"],"issn-type":[{"type":"print","value":"0947-3602"},{"type":"electronic","value":"1432-010X"}],"subject":[],"published":{"date-parts":[[2022,9,18]]},"assertion":[{"value":"6 November 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 August 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 September 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Code availability"}},{"value":"Ethical considerations need to be addressed when research involves humans. Therefore, when the studies were scheduled, the participants were informed of the research objectives. In addition, the participants were informed that their identities would be kept confidential. Also they answered a informed consent document. Students in the experiment participated voluntarily. Students in the feasibility study received a partial grade. However, the partial grade had not enough weight in the student\u2019s total grade, if he did not perform the specification satisfactorily.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"Study participants agreed through informed consent.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"Study participants agreed through informed consent.","order":6,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}]}}