Creating and Applying Security Goal Indicator Trees in an Industrial Environment

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security. With regard to security, the well-known and approved benefits of inspections are not exploited to their full potential. This book chapter focuses on the Security Goal Indicator Tree application for eliminating existing shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security goal based trees as part of requirements engineering using the GOAT tool dedicated plug-in and the retrieval of these models during the various phases of the software development lifecycle in a project by means of Software Vulnerability Repository Services (SHIELDS, Software Vulnerability Repository Services) created in the European project SHIELDS (SHIELDS, SHIELDS - Detecting known security vulnerabilities from within design and development tools).