View article

Assuring the security of software-dependent systems in the face of cyber-attacks and failures is now among the top priorities for governments and providers of electric, financial, communication, and other essential services. Practical and foundational solutions for systematic, secure, and trustworthy system development are needed to support developers, regulators, and certification bodies in providing assurance that security threats faced by the software systems used in these environments have been adequately mitigated. Using recent experiences reported in the literature as a basis, we discuss the challenges of providing security assurance for software-dependent systems. We also explore the barriers to adoption of existing approaches and techniques which can play an important role in security assurance efforts. Ultimately, we present a set of recommendations which outline a collection of follow-on research …