Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process

  • This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software to business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggests that the Common Criteria can define a framework for assurance evaluation in ongoing development projects.
  • Dieses Papier dokumentiert den Versuch, mittels der Common Criteria nach ISO 15408 bereits während der Erstellung eines Softwaresystems dessen Sicherheitseigenschaften zu überprüfen. Dies geschieht im Gegensatz zur üblichen Post-Entwicklungs-Evaluation.

Export metadata

Additional Services

Share in Twitter Search Google Scholar
Author:Tobias Scherner, Lothar Fritsch
Document Type:Report
Year of Completion:2007
Year of first Publication:2007
Publishing Institution:Universitätsbibliothek Johann Christian Senckenberg
Release Date:2007/06/04
Tag:Datenschutz; Mehrseitige Sicherheit; Zertifizierung; technischer Datenschutz
Assurance; Certification; Common Criteria; ISO 15408; Information Security; Privacy
GND Keyword:Zertifizierung; Software Engineering; Trusted Computing; Internationaler Datenschutz
Institutes:Wirtschaftswissenschaften / Wirtschaftswissenschaften
Dewey Decimal Classification:0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik
Licence (German):License LogoDeutsches Urheberrecht