A Light-Weight Tool for the Self-assessment of Security Compliance in Software Development: An Industry Case
2020 (English) In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Chatzigeorgiou A., Dondi R., Herodotou H., Kapoutsis C., Manolopoulos Y., Papadopoulos G.A., Sikora F., Springer, 2020, p. 403-416. Conference paper, Published paper (Refereed)
Abstract [en]
Companies are often challenged to modify and improve their software development processes in order to make them compliant with security standards. The complexity of these processes makes it difficult for practitioners to validate and foresee the effort required for compliance assessments. Further, performing gap analyses when processes are not yet mature enough is costly, and involving auditors in early stages is, in our experience, often inefficient. An easier and more productive approach is conducting a self-assessment. However, practitioners, in particular developers, quality engineers, and product owners, have difficulty identifying the security-relevant process artifacts required by standards. They would benefit from a proper and light-weight tool to perform early compliance assessments of their processes with respect to security standards before entering an in-depth audit. In this paper, we report on our current effort at Siemens Corporate Technology to develop such a light-weight assessment tool to assess the security compliance of software development processes with the IEC 62443-4-1 standard, and we discuss first results from an interview-based evaluation. © 2020, Springer Nature Switzerland AG.
Place, publisher, year, edition, pages
Springer, 2020. p. 403-416
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349
Keywords [en]
Secure development process, Secure software engineering, Security assessment, Security standards, Tool-support, Computer software, Regulatory compliance, Development process, Tool support, Software design
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-19236
DOI: 10.1007/978-3-030-38919-2_33
ISI: 000655605200033
Scopus ID: 2-s2.0-85079091124
ISBN: 9783030389185 (print)
OAI: oai:DiVA.org:bth-19236
DiVA, id: diva2:1394935
Conference
46th International Conference on Current Trends in Theory and Practice of Computer Science, SOFSEM; Limassol; Cyprus; 20 January 2020 through 24 January 2020
Part of project
SERT - Software Engineering ReThought, Knowledge Foundation
2020-02-20, 2020-02-20, 2023-03-24. Bibliographically approved