A Light-Weight Tool for the Self-assessment of Security Compliance in Software Development: An Industry Case
Siemens AG, DEU.
Technical University of Munich, DEU.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering.
Infodas GmbH, DEU.
2020 (English). In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Chatzigeorgiou A., Dondi R., Herodotou H., Kapoutsis C., Manolopoulos Y., Papadopoulos G.A., Sikora F., Springer, 2020, p. 403-416. Conference paper, Published paper (Refereed)
Abstract [en]

Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes makes it difficult for practitioners to validate, and to foresee the effort required for, compliance assessments. Further, performing gap analyses when processes are not yet mature enough is costly, and involving auditors in early stages is, in our experience, often inefficient. An easier and more productive approach is conducting a self-assessment. However, practitioners, in particular developers, quality engineers, and product owners, face difficulties in identifying the security-relevant process artifacts required by standards. They would benefit from a proper and light-weight tool to perform early compliance assessments of their processes with respect to security standards before entering an in-depth audit. In this paper, we report on our current effort at Siemens Corporate Technology to develop such a light-weight assessment tool to assess the security compliance of software development processes with the IEC 62443-4-1 standard, and we discuss first results from an interview-based evaluation. © 2020, Springer Nature Switzerland AG.

Place, publisher, year, edition, pages
Springer, 2020. p. 403-416
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349
Keywords [en]
Secure development process, Secure software engineering, Security assessment, Security standards, Tool-support, Computer software, Regulatory compliance, Development process, Tool support, Software design
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-19236
DOI: 10.1007/978-3-030-38919-2_33
ISI: 000655605200033
Scopus ID: 2-s2.0-85079091124
ISBN: 9783030389185 (print)
OAI: oai:DiVA.org:bth-19236
DiVA, id: diva2:1394935
Conference
46th International Conference on Current Trends in Theory and Practice of Computer Science, SOFSEM; Limassol; Cyprus; 20 January 2020 through 24 January 2020
Part of project
SERT - Software Engineering ReThought, Knowledge Foundation
Available from: 2020-02-20 Created: 2020-02-20 Last updated: 2023-03-24 Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text; Scopus

Authority records

Mendez, Daniel