Security Assessment for Systems, Services, and Infrastructures
Mobile devices, industrial equipment and facilities, smart grids, and even vehicles are connected via the Internet, which makes them accessible and thus vulnerable to security breaches and hacker attacks. Software that runs this kind of system is exposed to a large number of different threats, which place special requirements on the quality and robustness of the software. These requirements can only be identified and met if security and privacy risks and their impact are systematically considered starting in the early phases of the software development and quality assurance processes.
A systematic and capable security risk and quality assessment program and its tight integration within the software development life cycle are key to building and maintaining secure and dependable software-based infrastructures.
The SASSI workshop will provide a forum to discuss innovative approaches to security assessment, security testing and security certification for software-based systems. Experts from industry and academia will present and discuss their solutions to key issues like legal-risk analysis, security risk analysis, risk-based engineering, vulnerability testing, model-based security testing, standardization, and certification. The workshop has a special focus on the interaction between innovations and industrial requirements, especially when security meets the demands of cost efficiency and scalability. The contributions originate from industrial practice and are complemented by industry-grade research results from national and international research projects.
A systematic and comprehensive identification of security and compliance risks forms the basis for all relevant development and quality assurance activities. Within this session, we discuss innovative approaches and techniques for security risk and compliance assessment and their tight integration with activities in the software development and quality assurance process.
The design and development of secure software is a multidisciplinary task that requires close cooperation between security experts and software developers. This session will discuss new approaches in secure software development that are particularly characterized by their tight integration with risk analysis.
The identification of security-related errors, vulnerabilities and security holes is expensive, complex and usually not comprehensive. This session addresses new methods and techniques that integrate security testing with risk assessment and thus allow for a more precise, effective and targeted discovery of vulnerabilities.