Secure and robust operational software is becoming an increasingly critical aspect of information security. It provides an important layer in the defense-in-depth principle and mitigates the risks related to one of the main entry points for hackers and cyber criminals. From a formal point of view, the additional processes that must be introduced into the SDLC require the adaptation of the current set of ECSS standards for software engineering. For this reason, an ESA ESB standardization activity has been initiated and has produced a standard, handbook, and technical requirements baseline to achieve this goal. In our chapter, we have also described the approach taken by the standardization activity to achieve these objectives. We reported on a practical deployment of a secure software engineering prototype tool, the GASF, in ESA's Ground Segment Engineering Department. The operational use of the GASF tool will not only help to assess the real overhead of applying security to a software development process, but also function as an important prototype of the standard.