Cybersecurity Certification for Agile and Dynamic Software Systems - a Process-Based Approach

被引：1

作者：

Lotz, Volkmar ^{[1
]}

机构：

[1] SAP Labs France, SAP Secur Res, Mougins, France

来源：

2020 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2020) | 2020年

基金：

欧盟地平线“2020”;

关键词：

security; certification; agile development; software;

D O I：

10.1109/EuroSPW51379.2020.00021

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this extended abstract, we outline an approach for security certification of products or services for modern commercial systems that are characterized by agile development, the integration of development and operations, and high dynamics of system features and structures. The proposed scheme rather evaluates the processes applied in development and operations than investigates into the validity of the product properties itself. We argue that the resulting claims are still suitable to increase the confidence in the security of products and services resulting from such processes.

引用

页码：85 / 88

页数：4

共 10 条

[1] [Anonymous], 2010, CMMI DEV VERS 1 3 CM
[2] [Anonymous], 2011, 27034 ISOIEC
[3] [Anonymous], 2004, 15504 ISOIEC
[4] [Anonymous], 1985, DEP DEFENSE TRUSTED
[5] bsimm, BUILD SEC MAT MOD
[6] DevOps
Ebert, Christof
Gallardo, Gorka
Hernantes, Josune
Serrano, Nicolas
[J]. IEEE SOFTWARE, 2016, 33 (03) : 94 - 100
[7] ECSO, CERT LAB SUPPL CHAIN
[8] European Commission, 2017, JOIN2017450 EUR COMM
[9] Building more secure software with improved development processes
Howard, M
[J]. IEEE SECURITY & PRIVACY, 2004, 2 (06) : 63 - 65
[10] ISO, 2017, Tech. rep. 15408

← 1 →