Engineering more secure software has become a critical challenge in the cyber world, and it is very important to develop methodologies, techniques, and tools for building secure software. To do so, software developers need to think like an attacker, and mining software repositories is one way to support that: it aims to analyze and understand the data repositories related to software development, with the main goal of using them to support decision-making in software development. Several vulnerability databases exist, such as the Common Weakness Enumeration (CWE), the Common Vulnerabilities and Exposures database (CVE), and CAPEC. We utilized the MITRE ATT&CK database. MITRE ATT&CK tactics and techniques have been used in various ways and methods, but tools for applying them in the early stages of the software development life cycle (SDLC) are lacking. In this paper, we use machine learning algorithms to map requirements to the MITRE ATT&CK database and measure the accuracy of each mapping for different train/test data splits.
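The abstract describes the pipeline only in outline: requirements go in, ATT&CK technique labels come out, and accuracy is reported per data split. The following added example (not code from the paper) shows one minimal instance of that pipeline: a multinomial naive Bayes text classifier over a small, constructed set of security requirements labelled with four ATT&CK technique IDs, evaluated under stratified train/test splits of 40%, 60% and 80% training data. The requirement sentences, stopword list and the choice of classifier are assumptions made for illustration; the paper's own models and data may differ.

```python
"""Map security requirements to MITRE ATT&CK technique IDs with a small
multinomial naive Bayes classifier and report accuracy per train/test split.
Added illustration: requirement sentences are constructed, and the classifier
is not the paper's model."""
import math
import re
from collections import Counter, defaultdict

# Constructed labels: four ATT&CK techniques whose mitigations a requirement
# can plausibly express.
TECHNIQUES = {
    "T1110": "Brute Force",
    "T1078": "Valid Accounts",
    "T1190": "Exploit Public-Facing Application",
    "T1040": "Network Sniffing",
}

# Constructed sample requirements (text, technique ID), grouped by class with
# the last requirement of each group acting as the held-out example at 80%.
REQUIREMENTS = [
    ("lock an account after five failed login attempts", "T1110"),
    ("enforce rate limiting on password guessing attempts at the login endpoint", "T1110"),
    ("require a delay between repeated failed authentication attempts", "T1110"),
    ("alert administrators on bursts of failed login attempts from one source", "T1110"),
    ("throttle repeated failed login attempts coming from a single ip address", "T1110"),
    ("disable default administrator credentials before deployment", "T1078"),
    ("remove dormant user accounts after ninety days of inactivity", "T1078"),
    ("require multi-factor authentication for privileged accounts", "T1078"),
    ("audit shared service account usage and rotate credentials quarterly", "T1078"),
    ("revoke accounts and credentials of departing employees immediately", "T1078"),
    ("validate input parameters of the public web api against a schema", "T1190"),
    ("apply vendor security patches to internet facing services within seven days", "T1190"),
    ("deploy a web application firewall in front of the public application", "T1190"),
    ("run a vulnerability scan of exposed web services before every release", "T1190"),
    ("harden the public web application against injection attacks", "T1190"),
    ("encrypt network traffic between client and server with tls", "T1040"),
    ("never transmit session tokens over unencrypted channels", "T1040"),
    ("segment the network so management traffic is not visible to user subnets", "T1040"),
    ("disable legacy protocols that send plaintext data over the network", "T1040"),
    ("protect sensitive traffic on the network from eavesdropping with encryption", "T1040"),
]

# Assumed stopword list: function words that carry no technique signal.
STOPWORDS = {"a", "an", "the", "and", "or", "of", "to", "for", "on", "in", "at",
             "is", "be", "by", "from", "that", "so", "not", "before", "after",
             "every", "one", "with", "shall", "system", "must"}


def tokenize(text):
    """Lowercase alphabetic tokens with stopwords removed."""
    return [t for t in re.findall(r"[a-z]+", text.lower()) if t not in STOPWORDS]


class NaiveBayesMapper:
    """Multinomial naive Bayes with add-one smoothing over requirement tokens."""

    def fit(self, samples):
        self.class_docs = Counter(label for _, label in samples)
        self.word_counts = defaultdict(Counter)
        for text, label in samples:
            self.word_counts[label].update(tokenize(text))
        self.vocab = {w for c in self.word_counts.values() for w in c}
        self.total_docs = len(samples)
        return self

    def predict(self, text):
        tokens = tokenize(text)
        scores = {}
        for label, n_docs in self.class_docs.items():
            counts = self.word_counts[label]
            denom = sum(counts.values()) + len(self.vocab)  # smoothed denominator
            score = math.log(n_docs / self.total_docs)       # log prior
            for tok in tokens:
                score += math.log((counts[tok] + 1) / denom)  # smoothed likelihood
            scores[label] = score
        return max(scores, key=scores.get)


def stratified_split(samples, train_fraction):
    """Per-class split that keeps at least one training and one test example."""
    by_class = defaultdict(list)
    for text, label in samples:
        by_class[label].append((text, label))
    train, test = [], []
    for items in by_class.values():
        n_train = min(len(items) - 1, max(1, round(len(items) * train_fraction)))
        train.extend(items[:n_train])
        test.extend(items[n_train:])
    return train, test


def accuracy(train_fraction):
    """Fraction of held-out requirements mapped to the correct technique."""
    train, test = stratified_split(REQUIREMENTS, train_fraction)
    model = NaiveBayesMapper().fit(train)
    correct = sum(model.predict(text) == label for text, label in test)
    return correct / len(test)


def evaluate(fractions=(0.4, 0.6, 0.8)):
    """Accuracy for each training fraction, as the paper reports per data split."""
    return {f: accuracy(f) for f in fractions}


if __name__ == "__main__":
    for frac, acc in evaluate().items():
        print(f"train fraction {frac:.1f}: accuracy {acc:.2f}")
    model = NaiveBayesMapper().fit(REQUIREMENTS)
    tid = model.predict("lock the account after repeated failed login attempts")
    print(tid, TECHNIQUES[tid])
```

With so few requirements per class the numbers are only illustrative, but the structure is the one the abstract implies: the reported accuracy is a property of a particular split, so comparing classifiers requires fixing the split (or averaging over several) rather than quoting a single figure.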