ISMA 14 conference: The ‘functional side’ of Security – how to apply FPA to a typical non-functional attribute

The ‘functional side’ of Security – how to apply FPA to a typical non-functional attribute (approved as CFPS Certification Extension Program Activity)

Luigi Buglione (IFPUG / Engineering Ingegneria Informatica SpA)


  • What is ‘security’
  • Coming back to definitions: FUR vs NFR
  • How security is managed in a typical ICT system
  • What is the role of measurement, FPA, and SNAP in security
  • Which is the impact on your FPA counts

Security is one of the ISO/IEC 25010:2011 characteristics, thus seen as a non-functional attribute and is also considered in IFPUG SNAP within §1.3. But are we sure that security wouldn’t have also its ‘functional side’? From the login process on, each functionality can be browsed and accessed only verifying that such user is allowed to do that but – at the same time – each passage must be logged because of the security system’s (user) viewpoint. Thus, the presentation will discuss and present – according to IFPUG FPA rules – which should be the way to consider both sides of security, including the ‘functional’ one and its impact on a final FPA count.

About the speaker:

Luigi Buglione is a Measurement & Process Improvement Specialist at Engineering Ingegneria Informatica SpA (formerly Atos Origin Italy and SchlumbergerSema) in Rome, Italy and Associate Professor at the École de Technologie Supérieure (ETS) – Université du Québec, Canada. Previously, he worked as a Software Process Engineer at the European Software Institute (ESI) in Bilbao, Spain. Luigi is currently the IFPUG Director for Conference and Education and the President of GUFPI-ISMA (Italian Software Metrics Association). Measurement Certifications: IFPUG CFPS, CSP, CSMS and COSMIC CCFL. He’s a regular speaker at international Conferences on Software/Service Measurement, Process Improvement and Quality, actively part of several International (ISO WG10-25-40, IFPUG, COSMIC, ISBSG, MAIN) and National (GUFPI-ISMA, AutomotiveSPIN Italy, AICQ, itSMF Italy) technical associations on such issues. He developed and was part of ESPRIT and of Basque Government projects on metric programs, EFQM models, the Balanced IT Scorecard and QFD for software and is a reviewer of the SWEBOK project (2004 and 2010 editions). He achieved several certifications, included IFPUG CFPS, CSP and CSMS. He received a Ph.D in Management Information Systems from LUISS Guido Carli University (Rome, Italy) and a degree cum laude in Economics from the University of Rome “La Sapienza”, Italy. Info: