Software risk assessment for measuring instruments in legal metrology

In Europe, measuring instruments subject to legal control account for an annual turnover of 500 billion Euros and must pass a conformity assessment against European directives or national legislation before they can be used. Today, measuring instruments are frequently integrated into open networks and increasingly extend into cloud computing and the Internet of Things. Since software is one of the key components of such devices, Germany's national metrology institute, the Physikalisch-Technische Bundesanstalt (PTB), is developing a method to assess the risks and evaluate current threats associated with that software. The method adopts the structure of ISO/IEC 27005 and combines it with elements of ISO/IEC 15408 (the Common Criteria). It can serve conformity assessment bodies and industry alike, and it supports the comparability of risk assessment results across evaluations. Although it focuses on legal metrology, the method is applicable to other areas where software risk assessment is required.