Dealing with security projects in practice – SPICE and security – Quo vadis?