Towards Automated Continuous Security Compliance
Nowadays, almost every software-intensive system must comply with requirements from security-relevant regulations and standards, such as ISO 27001 or IEC 62443. Manual compliance analysis against such requirements is resource-intensive and error-prone, and it hinders the adoption of continuous software development methods such as agile.
The inherent tension between continuous software development and reproducibly complying with security requirements is one key challenge in large-scale industrial software development. Automating security compliance activities, where possible and appropriate, therefore offers a way to ensure strong long-term competitiveness in the market.
fortiss analyzes the challenges of automated security compliance activities in practice. Considering the relevance of these challenges and the automation potential they bear, fortiss designs and integrates solutions in ongoing projects with relevant security requirements. Thus, the limits of automation are explored, and specific solutions are developed and tested in practice to ensure their usefulness.
01.09.2023 - 31.08.2026