Under Copyright
Großmann, Jürgen
2022-03-12
12.12.2015
2015
https://publica.fraunhofer.de/handle/publica/389366
10.24406/publica-fhg-389366

Mobile devices, industrial equipment and facilities, smart grids, and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to security breaches and hacker attacks. Software that runs this kind of system is exposed to a large number of different threats that pose special requirements on the quality and robustness of the software. These requirements can only be identified and met if security and privacy risks and their impact are systematically considered already during the early phases of the software development and quality assurance processes. A systematic and capable security risk and quality assessment program and its tight integration within the software development life cycle are key to building and maintaining secure and dependable software-based infrastructures. The SASSI workshop will provide a forum to discuss innovative approaches to security assessment, security testing and security certification for software-based systems. Experts from industry and academia will present and discuss their solutions to key issues like legal-risk analysis, security risk analysis, risk-based engineering, vulnerability testing, model-based security testing, standardization, and certification. The workshop has a special focus on the interaction between innovations and industrial requirements, especially when security meets the demands of cost efficiency and scalability. The contributions originate from industrial practice and are complemented by industry-grade research results from national and international research projects.

en
004
Security Assessment for Systems, Services and Infrastructures, SASSI 2015. Proceedings
conference proceeding