Early evaluation of security functionality in software projects - some experience on using the common criteria in a quality management process

This paper documents the experiences of assurance evaluation during the early stage of a large software development project. This project researches, contracts and integrates privacy-respecting software to business environments. While assurance evaluation with ISO 15408 Common Criteria (CC) within the certification schemes is done after a system has been completed, our approach executes evaluation during the early phases of the software life cycle. The promise is to increase quality and to reduce testing and fault removal costs for later phases of the development process. First results from the still-ongoing project suggests that the Common Criteria can define a framework for assurance evaluation in ongoing development projects.Dieses Papier dokumentiert den Versuch, mittels der Common Criteria nach ISO 15408 bereits während der Erstellung eines Softwaresystems dessen Sicherheitseigenschaften zu überprüfen. Dies geschieht im Gegensatz zur üblichen Post-Entwicklungs-Evaluation

Software Development Standard and Software Engineering Practice: A Case Study of Bangladesh

Improving software process to achieve high quality in a software development organization is the key factor to success. Bangladeshi software firms have not experienced much in this particular area in comparison to other countries. The ISO 9001 and CMM standard has become a basic part of software development. The main objectives of our study are: 1) To understand the software development process uses by the software developer firms in Bangladesh 2) To identify the development practices based on established quality standard and 3) To establish a standardized and coherent process for the development of software for a specific project. It is revealed from this research that software industries of Bangladesh are lacking in target set for software process and improvement, involvement of quality control activities, and standardize business expertise practice. This paper investigates the Bangladeshi software industry in the light of the above challenges.Comment: 13 pages, 3 figures, 11 table

Solihull Sixth Form College: report from the Inspectorate (FEFC inspection report; 29/97 and 60/01)

The Further Education Funding Council has a legal duty to make sure further education in England is properly assessed. The FEFC’s inspectorate inspects and reports on each college of further education according to a four-year cycle. This record comprises the reports for periods 1996-97 and 2000-01

Gateway Sixth Form College: report from the Inspectorate (FEFC inspection report; 25/94 and 50/99)

Comprises two Further Education Funding Council (FEFC) inspection reports for the periods 1993-94 and 1998-99

Newcastle College: report from the Inspectorate (FEFC inspection report; 80/96 and 98/99)

The Further Education Funding Council has a legal duty to make sure further education in England is properly assessed. The FEFC’s inspectorate inspects and reports on each college of further education according to a four-year cycle. This record comprises the reports for periods 1995-96 and 1998-99

Management plan documentation standard and Data Item Descriptions (DID). Volume of the information system life-cycle and documentation standards, volume 2

This is the second of five volumes of the Information System Life-Cycle and Documentation Standards. This volume provides a well-organized, easily used standard for management plans used in acquiring, assuring, and developing information systems and software, hardware, and operational procedures components, and related processes

Chesterfield College (FEFC inspection report; 80/95 and 93/00)

Comprises two Further Education Funding Council (FEFC) inspection reports for the periods 1994-95 (80/95), and 1999-2000 (93/00). The FEFC has a legal duty to make sure further education in England is properly assessed. Inspections and reports on each college of further education are conducted according to a four-year cycle. Chesterfield College is a large general further education college located on two sites in Chesterfield

Assurance specification documentation standard and Data Item Descriptions (DID). Volume of the information system life-cycle and documentation standards, volume 4

This is the fourth of five volumes on Information System Life-Cycle and Documentation Standards. This volume provides a well organized, easily used standard for assurance documentation for information systems and software, hardware, and operational procedures components, and related processes. The specifications are developed in conjunction with the corresponding management plans specifying the assurance activities to be performed