Download the book: Advancing Software Security in the EU: The role of the EU cybersecurity certification framework
by ENISA
Persian title: Advancing Software Security in the EU: The Role of the EU Cybersecurity Certification Framework
Book details
This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to different inherent aspects of the process. Lastly, it provides a number of practical considerations relevant to the different aspects of software development within the newly established EU cybersecurity certification framework and the EU cybersecurity certification schemes. These considerations are listed below:
Manufacturer(s) or provider(s) of certified ICT products, ICT services or ICT processes should explore the deployment and maintenance of repositories not only for publicly disclosed vulnerabilities but also for shared security aspects of certified products, services and processes, with a view to aligning on requirement commonalities and ways to mitigate common security risks.
Following the publication of the Union Rolling Work Programme, European Standards Organizations (ESOs) and Standards Developing Organizations (SDOs) should coordinate on the priority areas they can support, put forward standardization activities to benefit the future developed schemes and periodically communicate such planning to the EC and relevant CSA stakeholders.
EU cybersecurity certification schemes for products, services and processes should include, to the extent possible, not only requirements for the end product/service/process but also assurance for the engineering process, by setting process guidelines for software development, maintenance and operation.
During the development of EU cybersecurity certification schemes, lightweight conformity assessment methods for the basic assurance level should be considered as a response to the existing fragmented landscape of software development and maintenance.
Software developers and product manufacturers should put forward their experience and expertise and promote the uptake of EU cybersecurity certification schemes.