Towards Automated Continuous Security Compliance
Context: Continuous Software Engineering is increasingly adopted in highly regulated domains, raising the need for continuous compliance. Adherence to security regulations in particular, a major concern in highly regulated domains, makes Continuous Security Compliance highly relevant to industry and research.
Problem: One key barrier to adopting continuous software engineering in industry is the resource-intensive and error-prone nature of traditional manual security compliance activities. Automation promises to be advantageous. However, continuous security compliance is under-researched, which precludes its effective adoption.
Contribution: We have initiated a long-term research project with our industry partner to address these issues. In this manuscript, we make three contributions: (1) we provide a precise definition of the term continuous security compliance that aligns with the state of the art, (2) we elaborate a preliminary overview of challenges in the field of automated continuous security compliance through a tertiary literature study, and (3) we present a research roadmap to address those challenges via automated continuous security compliance.
Thu 24 Oct (displayed time zone: Brussels, Copenhagen, Madrid, Paris)
16:00 - 17:30 | Software measurement and estimations | ESEM Technical Papers / ESEM IGC / ESEM Journal-First Papers / ESEM Emerging Results, Vision and Reflection Papers Track | Multimedia (B3 Building - Hall) | Chair(s): Beatriz Bernárdez (Universidad de Sevilla)
16:00 | 20m | Full-paper | Enhancing Change Impact Prediction by Integrating Evolutionary Coupling with Software Change Relationships | ESEM Technical Papers | Daihong Zhou (School of Computer Science and Information Engineering, Shanghai Institute of Technology); Jiyue Zhang (School of Computer Science, Fudan University); Ping Yu (Fudan University, China); Wunan Guo (School of Optical-Electrical and Computer Engineering, University of Shanghai for Science and Technology)
16:20 | 20m | Full-paper | M-score: An Empirically Derived Software Modularity Metric | ESEM Technical Papers | Ernst Pisch (Drexel University); Yuanfang Cai (Drexel University); Rick Kazman; Jason Lefever (Drexel University); Hongzhou Fang (Drexel University)
16:40 | 15m | Vision and Emerging Results | Towards Automated Continuous Security Compliance | ESEM Emerging Results, Vision and Reflection Papers Track | Florian Angermeir (fortiss); Jannik Fischbach (Netlight GmbH / fortiss GmbH); Fabiola Moyon (Siemens AG, Munich, Germany); Daniel Mendez (Blekinge Institute of Technology and fortiss)
17:00 | 15m | Journal Early-Feedback | Much more than a prediction: Expert-based software effort estimation as a behavioral act | ESEM Journal-First Papers | Patrícia G. F. Matsubara (Federal University of Mato Grosso do Sul (UFMS)); Igor Steinmacher (Northern Arizona University); Bruno Gadelha (UFAM); Tayana Conte (Universidade Federal do Amazonas)
17:15 | 15m | Industry talk | On the Accuracy of Effort Estimations based on COSMIC Functional Size Measurement: A Case Study | ESEM IGC | Ersin Ersoy (Paycell); Selami Bagriyanik (Singularity Software Technologies; Istanbul Topkapi University); Hasan Sozer (Ozyegin University)