A Security Requirements Engineering Tool for Domain Engineering in Software Product Lines weaknesses found, we can highlight the fact that none of the tools provide adequate techniques for the specification of security requirements, security use cases, misuse cases, and so on. Moreover, these tools do not provide any methodological support for automated security requirements management and for fundamental activities, such as risk evaluation, and neither do they provide compliance with the security standards regarding security requirements which are currently most relevant (such as Common Criteria (ISO / IEC 15408), ISO / IEC 27001). In brief, the main contributions of SREP- PLineTool with regard to the former proposals are as follows: · SPL has become the most successful ap- proach in the reuse field (Laguna and Gonzalez-Baixauli, 2005), therefore SREPPLineTool is a reuse-based tool based on a security reference model imple- mented by dynamic repositories of secu- rity artefacts, signifying that threats and requirements and their specifications, se- curity features, security objectives, assets, countermeasures and tests, are reused. Thus, the quality of these artefacts is suc- cessively increased in each new product or new version of the SPL products. It facilitates both the management and the visualization of the artefacts variability and traceability, and the automated integra- tion of the security requirements with the remaining security artefacts and lifecycle activities in the SPL development para- digm, not only with the other requirements but also with other artefacts of the SPL lifecycle (such as features or goals). SREPPLineTool is a standard-centred tool. It assists in the development of ISs which conform to the most important cur- rent security standards in various activities of the requirements engineering process. It integrates the CC (ISO/IEC 15408) se- · · curity functional requirements within the elicitation of security requirements and it also introduces the CC security assurance requirements into the requirements in- spection. In addition, it conforms to ISO/ IEC 13335 (GMITS) in carrying out risk assessment and facilitates conformance to those sections of ISO/IEC 17799:2005 (sections: 0.3, 0.4, 0.6 and 12.1) and ISO/ IEC 27001:2005 (sections: 4.2.1, 4.2.3, 4.3, 6.a, 6.b and A.12.1.1) which concern security requirements. SREPPLineTool integrates the latest secu- rity requirements specification techniques (such as security use cases (Firesmith, 2003b), misuse cases and attack trees (Sindre & Opdahl, 2005; Opdahl & Sindre, 2008), and UMLsec (Jürjens, 2002a), which will be included in the next version of our tool). It automates report generation. The SREPPLine process, together with the SREPPLineTool, therefore cover a wider area, and support Software Product Lines architecture with the elicitation and specification of security requirements. · CONCLUSION AND FUTURE TRENDS Software security is currently generating a grow- ing interest, particularly in SPL and SOA, due to the fact that security requirements issues are extremely important in both paradigms and be- cause a weakness in security can cause problems in all the products of a product line or in all the products that use a vulnerable service. Although there have been several attempts to fill the gap between requirements engineering and SPL re- quirements engineering, a systematic approach or tool support with which to define security quality requirements and manage their variability and the · 89