Empirical assessment of security requirements and architecture: lessons learned

Authors: Scandariato, Riccardo; Paci, Federica; Tran, Le Minh Sang; Labunets, Katsiaryna; Yskout, Koen; Massacci, Fabio; Joosen, Wouter
Dates: 2023-02-24; 2014
Source: Lecture Notes in Computer Science 8431: 35-64 (2014)
ISBN: 978-3-319-07452-8; 978-3-319-07451-1
Handle: http://hdl.handle.net/11420/14887
DOI: 10.1007/978-3-319-07452-8_2
Language: en
Keywords: Empirical research; Requirements; Security; Software architecture; Computer science
Type: Book part; Other

Abstract: Over the past three years, our groups at the University of Leuven and the University of Trento have been conducting a number of experimental studies. In particular, two common themes can be easily identified within our work. First, we have investigated the value of several threat modeling and risk assessment techniques. The second theme relates to the problem of preserving security over time, i.e., security evolution. Although the empirical results obtained in our studies are interesting on their own, the main goal of this chapter is to share our experience. The objective is to provide useful, hands-on insight on this type of research work so that the work of other researchers in the community would be facilitated. The contribution of this chapter is the discussion of the challenges we faced during our experimental work. Contextually, we also outline those solutions that worked out in our studies and could be reused in the field by other studies.