Home // CYBER 2025, The Tenth International Conference on Cyber-Technologies and Cyber-Systems // View article
Authors:
Damjan Fujs
Damjan Vavpotič
Tomaž Hovelja
Marko Poženel
Keywords: security requirements engineering; experiment; prioritization; estimation
Abstract:
This study investigates how access to Large Language Models (LLMs) and varying levels of professional software development experience affect the prioritization of cybersecurity requirements for web applications. Twenty-three postgraduate students participated in a research study to prioritize security requirements (SRs) using the MoSCoW method and subsequently rated their proposed solutions against multiple evaluation criteria. We divided participants into two groups (one with and the other without access to LLM support during the task). Results showed no significant differences related to LLM use, suggesting that access to LLMs did not noticeably influence how participants evaluated cybersecurity solutions. However, statistically significant differences emerged between experience groups for certain criteria, such as estimated cost to develop a feature, perceived impact on user experience, and risk assessment related to non-implementation of the proposed feature. Participants with more professional experience tended to provide higher ratings for user experience impact and lower risk estimates.
Pages: 13 to 17
Copyright: Copyright (c) IARIA, 2025
Publication date: September 28, 2025
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-68558-295-1
Location: Lisbon, Portugal
Dates: from September 28, 2025 to October 2, 2025