Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product
There is an increasing awareness of the need for CyberSecurity as a hygiene factor for cyber products in general, as well as for more specialised security applications. That means we need CyberSecurity evaluations schemes to scale up to deal with larger numbers of products than we have traditionally dealt with. But this leads us directly into the problem of how to achieve effective evaluations while product version lifetimes shrink (and perhaps blur completely under SaaS/subscription models). Drawing on the lessons from a variety of past schemes, including deliberate evolutions intended to correct previous problems, this presentation will identify ways of combining targeted evaluation of both process and product, and essential linkages between them, to achieve schemes that can face the new problems of large-scale CyberSecurity improvement without reinventing (too many) wheels.