There is a need to integrate and improve existing methodologies and tools addressing security concerns in the software life cycle. All partners will work towards connecting their methodologies and tools. This activity on the one hand relies on the in-house research activities conducted within the NoE. On the other hand, it will also absorb tools and methodologies that have been developed outside the NoE. Openness to the wider scientific community will be an additional feature. This activity is also devoted to evaluating current software life cycle methodologies (and their components). The goal is to identify new methodologies that reshape the existing ones, and embody the techniques developed in this joint research activity. Existing tools will also be compared.
The software WorkBench for secure services (WorkBench hereafter) will integrate the various tools, methods and techniques developed as a result of research and integration in the network. Integration of research results into the WorkBench provides a visible and common goal that network members can work towards, and ensures a high level of integration between the various groups, results and activities.
The WorkBench is thus targeted to become a vehicle for technology transfer, and quality assurance controls will ensure a level of maturity in the tools, methods and techniques that will be incorporated into any release level.
The WorkBench comprises two key elements:
Firstly, we will evaluate security engineering methods and identify relationships among them. We will work with the partners to integrate these methods in a sensible way to be used appropriately, thus creating a portfolio for their use. Secondly, we will identify existing and new tools for security engineering, and we will evaluate and compare them to produce a comprehensive overview. We will approach this challenge in a cost-effective way by adapting an existing tool integration platform developed by one of the NESSoS partners (the Service Development Environment – SDE) to the new requirements of security-related tools. In particular, we work on integrating tools and workflows for using them in combination. In both the tool and the method part of work package (WP) 2, we will leverage case studies to ensure applicability to industry software.
We expect the WorkBench to become a basis for providing training activities later down the line, which may contribute to the longer-term sustainability of the network. We aim to employ an open source licensing policy for the WorkBench that is open yet protective of Intellectual Property Rights (IPR). Access will be provided freely within the network and as open as possible outside. It is not advisable to fix the licensing policy without careful exploration of the feasibility of the different options available (existing open source tools from the various partners will most likely be available under different types of licenses). A recommendation for the licensing policy will, therefore, be made as part of the roadmap for the WorkBench to be developed during the first 18 months.