Approaches and tools for security in software and hardware development and assessment

Topic description

ExpectedOutcome:

Projects’ results are expected to contribute to some or all of the following outcomes:

• Improved hardware and software security engineering; resilient systems design;
• Improved access to testing of hardware and software in virtual, closed and secure environments;
• Systematic and, where possible, automated study of vulnerabilities, software analysis, vulnerability discovery, and dynamic security assessment;
• Trustworthy certifiable hardware and software;
• AI-based security services e.g. predictive security, advanced anomaly and intrusion detection, system health checks.

Software is at the foundation of all digital technologies and, as such, at the core of IT infrastructures, services, and products. Current software development prioritises fast deployment over security, which results in vulnerabilities and unsecure applications. Security engineering, both at the software and hardware levels, must be integrated in their development. Whilst a great portion of the software and hardware used in the EU is developed outside the European Union, it should comply with the security requirements within the EU. The EU should be able to rely on software and hardware that can be verified and audited as to their security. In particular, the potential security implications of using open-source software and hardware, and security auditability in that context, should be further explored. Software is subject to continuous update, so the security posture cannot be assessed once and for all, hence methods and tooling to perform continuous assessments of security are needed. In addition, security and privacy regulations also evolve, having to be factored in compliance approaches.

The identification and analysis of potential regulatory aspects and barriers for the developed technologies/solutions is encouraged, where relevant.