Here you will find scientific publications from the Fraunhofer Institutes.

Towards efficient security assurance for incremental software development: the case of Zen Cart application

Ali, A.; Othmane, L. ben


Institute of Electrical and Electronics Engineers -IEEE-:
11th International Conference on Availability, Reliability and Security, ARES 2016 : Salzburg, Austria, 31 August - 2 September 2016; Proceedings
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2016
ISBN: 978-1-5090-0990-9
ISBN: 978-1-5090-0989-3
ISBN: 978-1-5090-0991-6
International Conference on Availability, Reliability and Security (ARES) <11, 2016, Salzburg>
Conference Paper
Fraunhofer SIT

Incremental software development methods, such as Scrum, embrace code changes to meet changing customer requirements. However, changing the code of a given software invalidates the security assurance of the software. Thus, each new version of a given software requires a new full security assessment. This paper investigates the impact of incremental software development on security assurance, using the e-commerce software Zen Cart as a case study. It also describes a prototype we are developing to design security assurance cases and trace the impact of code changes on the security assurance of the given software. A security assurance case shows how a claim, such as "The system is acceptably secure", is supported by objective evidence.