Towards Data-driven Continuous Compliance Testing

Andreas Steffens, Horst Lichter, Marco Moscher
2018 Software Engineering  
Recent studies show that security vulnerabilities are caused by neglecting best practices for the configuration of software and the underlying infrastructure. Due to the rising complexity of software systems and the accelerated speed of software releases using mechanisms like continuous delivery, the problem gets even more challenging. Existing processes and methods are not adequate to cope with these challenges. This paper proposes an approach for continuous compliance testing. Using well-known methods from software testing, this approach enables an organization to define, organize, and execute compliance tests in a structured and reusable way. In our approach, we focus on integrating a software-centric point of view for modeling compliance requirements. By embedding our approach into a deployment pipeline, automated continuous compliance testing can be realized.
dblp:conf/se/SteffensLM18 fatcat:6bkyrnebwrajjmgv6p2543vbtu