Technical Description
The main objective of this VM4SEC project is to research, develop and provide innovative tools to support the development of security sensitive software products. The provided tools will be produced from the VM4SEC project toolbox and will aim to support the development of secure software, while minimizing both the time and associated costs of the secure software development process. The architecture of the VM4SEC platform, as depicted in Εικόνα 1, is mainly based on two elements: (a) at safety assessment model which allows the evaluation of the security level of the software product under development based on the results of R&D tools and knowledge gained from existing software projects, and (b) in vulnerability prediction model which allows the identification of possible vulnerabilities in parts of the software under development, and especially, in parts that require more thorough security control. Finally, the development of a visualization and recommendation interface which, as its name indicates, will visualize the results of the two aforementioned fundamental elements and provide recommendations aimed at improving the security of the software under development.
The implementation of the project will be based on model of the Flexible (agile) Methodology. This will lead to a quality system that will serve the needs of users, even if these change by the time the final system is delivered.
More specifically, the SCRUM method will be used, in which there are five roles in the work team: a) the product owner (Product Owner), b) the scrum leader (Scrum Master), c) the development team (Development Team), d) the internal stakeholders (internal stakeholders) and e) the external stakeholders (external stakeholders).
The product owner is the Project Scientist who has a clear view of the overall intended outcome and will communicate with both stakeholder groups (internal and external), the implementation team, as well as the scrum master. The leader possesses the technical knowledge of implementation and management of corresponding projects implemented in the past and his role is to motivate the members of the development team, guide them and protect them from outside interference.
The development team works in iteration cycles (sprints), in which together with the scrum leader they renew the remaining product (Product Backlog) and define the tasks to be implemented in the current cycle. The development team consists of 2-6 members and its composition is determined by the type of project. In the framework of the proposed system, due to the different nature of the various sub-processes, a mixed team of 3 people will be created, consisting of software engineers and researchers, who will focus on the area of quality and in particular software security.
Internal stakeholders are a committee of high-level executives who work with the product owner primarily on administrative matters. In the project, a committee will be created, which will consist of the Scientific Manager and a representative of each institution of the partnership. In the pilot facilities, user groups (external stakeholders of the SCRUM model) will be created, who in the critical sprints will receive new versions of the system and will feed back to the product owner with comments, observations and additional functions that they would like the system to implement to support.
