ACSC
Project description
Nowadays, almost every software-intensive system must comply with requirement from security-relevant regulations and standards, such as ISO 27001 or IEC 62443. Manual compliance analyses with such requirements is resource-intensive and error-prone, and it hinders the adoption of continuous software development methods like agile.
The inherent challenges between continuous software development and reproducibly complying with security requirements is one key challenge in large-scale industrial software development. Automating security compliance activities, where possible and appropriate, therefore offers a way to ensure strong long-term competitiveness in the market.
Research contribution
fortiss analyzes the challenges in automated security compliance activities in practice. Considering the relevance of the challenges and the automation potential they bare, fortiss designs and integrates solutions in ongoing project with relevant security requirements. Thus, the limitations of automation are explored, and specific solutions are developed and tested in practice to ensure their usefulness.
Funding
Project duration
01.09.2023 - 31.08.2026
Project partner
Publications
- Industrial Challenges in Secure Continuous Development In 46th International Conference on Software Engineering: Software Engineering in Practice, 2024. ACM. Details DOI BIB
- Automated Security Findings Management: A Case Study in Industrial DevOps In 46th International Conference on Software Engineering: Software Engineering in Practice, 2024. ACM. Details DOI BIB
- Towards Automated Continuous Security Compliance In Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2024. ACM. Details DOI BIB


