Abstract: Highlights
• Current maturity levels for managing security evidence are low.
• Artifacts are not recognized as evidence and managed as other development artifacts.
• An organizational-level framework for managing security evidence is missing.
• Effective management of security evidence requires considering the human aspect.
• Supplier–customer relationships require a common language for security assurance.