ACSC

Towards Automated Continuous Security Compliance

The project ACSC (Automated Continuous Security Compliance) operates in the tension between continuous software development and the compliance of software-intensive products with security-relevant requirements. We explore the challenges and opportunities of automated security compliance activities, design and implement solutions, and evaluate them in an industrial context.

Project description

Nowadays, almost every software-intensive system must comply with requirements from security-relevant regulations and standards, such as ISO 27001 or IEC 62443. Manual analysis of compliance with such requirements is resource-intensive and error-prone, and it hinders the adoption of continuous software development methods such as agile.

The inherent tension between continuous software development and reproducibly complying with security requirements is a key challenge in large-scale industrial software development. Automating security compliance activities, where possible and appropriate, therefore offers a way to ensure strong long-term competitiveness in the market.

Research contribution

fortiss analyzes the challenges of automated security compliance activities in practice. Considering the relevance of these challenges and the automation potential they bear, fortiss designs and integrates solutions in ongoing projects with relevant security requirements. In this way, the limitations of automation are explored, and specific solutions are developed and tested in practice to ensure their usefulness.

Project duration

01.09.2023 - 31.08.2026

Your contact

Florian Angermeir

+49 89 3603522 279
angermeir@fortiss.org

Publications

  • Fabiola Moyón, Florian Angermeir and Daniel Mendez. Industrial Challenges in Secure Continuous Development. In 46th International Conference on Software Engineering: Software Engineering in Practice, 2024. ACM.
  • Markus Voggenreiter, Florian Angermeir, Fabiola Moyón, Ulrich Schöpp and Pierre-Louis Bonvin. Automated Security Findings Management: A Case Study in Industrial DevOps. In 46th International Conference on Software Engineering: Software Engineering in Practice, 2024. ACM.
  • Florian Angermeir, Jannik Fischbach, Fabiola Moyón and Daniel Mendez. Towards Automated Continuous Security Compliance. In Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2024. ACM.