Risk and Cost Aware Software Development Lifecycle

During the software development life cycle, there is a need to ensure security from many perspectives. On the one hand, the choices of security mechanisms, as well as the security design decisions, must fulfil the identified security requirements. On the other hand, support for many related qualities is important as well; for instance, the use of appropriate mechanisms for availability, as well as sanity and robustness of implementation code. In fact, the design decisions must satisfy the request for the prioritisation (balancing and trade-off) of the investment of all stakeholders, including service providers, end-users etc. In such a setting, the security requirements have to compete with several other priorities.

Obviously, the value of security solutions and their return on investment must be clearly demonstrated from a business-oriented perspective. The value of the chosen security solutions has to be derived from the risk analysis. The net value of the investment must be derived by analyzing the cost that comes with creating security solutions and implementing security measures. The integration of risk and cost analysis in the whole SDLC, and an extension of the overall approach towards execution time, is the necessary response to these needs.

The identification and assessment of risks, together with the analysis of the costs associated with countermeasures, then make it possible to take the most cost-effective security design decisions and to select implementation techniques.

The main objective of this activity is to incept a risk and cost aware SDLC that enables practitioners to instantiate and exploit an engineering process that optimises value-for-money in terms of minimising effective risk, while keeping cost low and justified.

  • A basic methodology to perform risk management and cost assessment through the SDLC;
  • A roadmap of prototypical versions of tool support for the basic methodology;
  • Extra methods and techniques to conduct risk management at run-time;
  • An integrated approach to security in the SDLC by offering risk and cost awareness on top of a development process that delivers security assurance.