Security Evaluation and Certification of a Dynamic Software Product – an Experience Report

Session: Secure software development, Wed., Sep. 16, 11:00 - 11:30

The security evaluation and certification of a dynamic software product according to ISO/IEC 15408 (Common Criteria) poses a major challenge – particularly because the rigid requirements of the standard have to be harmonized with the need for rapid changes to the software (e.g. security updates). The presentation illustrates how to master this challenge of bridging the gap between the standard and reality by adapting the system and the development process, using the example of the first certification of a so-called Remote Controlled Browser System (ReCoBS).

About Roman Maczkowsky:
Roman Maczkowsky is managing director of m-privacy GmbH, Berlin. He is an accredited and certified auditor for ISO 27001 and has more than 10 years of experience as a trainer and consultant for data protection officers and IT security managers. Furthermore, he is the manager responsible for the certification of TightGate-Pro CC.