Authors
Valentina Casola, Alessandra De Benedictis, Massimiliano Rak, Umberto Villano
Publication date
2020/5/1
Journal
Journal of Systems and Software
Volume
163
Pages
110537
Publisher
Elsevier
Description
Recent software development methodologies, such as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications. They dramatically reduce the time-to-market of developed software but, at the same time, they can hardly be integrated with security design and risk management methodologies. These cannot be easily automated and require big economic investments, due to the necessity of security experts in the development team and to the lack of automatic tools to evaluate risk and to assess security in the design and operation phases. This paper presents a novel Security-by-Design methodology based on Security Service Level Agreements (SLAs), which can be integrated within modern development processes and that is able to support the risk management life-cycle in an almost-completely automated way. In particular, it relies upon a guided risk analysis …
Total citations
[Chart: citations per year, 2020 to 2024]