Cybersecurity Certification for Agile and Dynamic Software Systems - a Process-Based Approach

被引:1
作者
Lotz, Volkmar [1 ]
机构
[1] SAP Labs France, SAP Secur Res, Mougins, France
来源
2020 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW 2020) | 2020年
基金
欧盟地平线“2020”;
关键词
security; certification; agile development; software;
D O I
10.1109/EuroSPW51379.2020.00021
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this extended abstract, we outline an approach for security certification of products or services for modern commercial systems that are characterized by agile development, the integration of development and operations, and high dynamics of system features and structures. The proposed scheme rather evaluates the processes applied in development and operations than investigates into the validity of the product properties itself. We argue that the resulting claims are still suitable to increase the confidence in the security of products and services resulting from such processes.
引用
收藏
页码:85 / 88
页数:4
相关论文
共 10 条
[1]  
[Anonymous], 2010, CMMI-DEV
[2]  
[Anonymous], 2004, 15504 ISOIEC
[3]  
[Anonymous], 2011, 27034 ISOIEC
[4]  
[Anonymous], 1985, DEP DEFENSE TRUSTED
[5]  
Building Security in Maturity Model (BSIMM), 2023, Report 14
[6]   DevOps [J].
Ebert, Christof ;
Gallardo, Gorka ;
Hernantes, Josune ;
Serrano, Nicolas .
IEEE SOFTWARE, 2016, 33 (03) :94-100
[7]  
ECSO, CERT LAB SUPPL CHAIN
[8]  
European Commission, 2017, JOIN2017450 EUR COMM
[9]   Building more secure software with improved development processes [J].
Howard, M .
IEEE SECURITY & PRIVACY, 2004, 2 (06) :63-65
[10]  
ISO, 2017, Tech. rep. 15408
1