Addressing the Continuity of Software Security for Embedded Devices
Modern feature-oriented development requires fast release cycles for the software of connected devices already deployed in the field. For IoT sectors such as critical infrastructures and industrial IoT, the security of such systems is of high importance for business continuity as well as country-level safety. Additionally, the underlying hardware is becoming more complex, yielding more functionality, multiple developing organizations and ultimately more security issues. The networking capabilities and the addition of new interfaces lead to a growing attack surface and a higher risk of scalable exploits.
In this changing world, various evaluation approaches that are centered on well-defined, comparatively isolated products are increasingly falling short in addressing the security needs of a faster and more dynamic industry. This presentation will discuss how the market is addressing these issues, as well as our proposals for improvements aimed at efficiently establishing and maintaining software security assurance continuity that keeps up with rapid development. The presentation is based on the speaker’s proposal for rethinking and evolving traditional approaches by: considering and relying more on the maturity of the developer's development and deployment processes; providing additional input for the assurance continuity process in the baseline evaluation; and tailoring the assurance continuity process to the scope and the criticality of the changes.
In this presentation, the speaker will provide an overview of the current status as well as propose a way forward to increase the efficiency of software security assurance continuity processes in the context of embedded devices and tailor them to rapid product development.