- Status: Planned Program
Background
Consumers constantly deal with software, directly or indirectly, in their everyday lives, from banking apps to smart robot vacuum cleaners. The operational and IT security of these applications is often difficult for them to grasp. Has the software been carefully developed, or are vulnerabilities likely? What needs to be considered for secure use, and is the simplest use also the most secure? To what extent can any data outflow be controlled?
Where transparency and understanding are lacking, civil society finds it difficult not only to trust digital solutions but also to assert its interests against manufacturers. Both are necessary for a secure digital everyday life.
Aim
The planned research program “Software Security Score” (3S) aims to make software security tangible and comparable. Using measurable parameters, a broadly applicable evaluation metric is to be developed that meaningfully summarizes the various influencing factors for end users in a security score. The individual steps of the evaluation must be presented in a comprehensible manner and be reproducible. Security should be understood not as a state but as a process: it results from the context of use, the interaction with hardware and other software components, and the life cycle that the product goes through. The software security score should be managed by a central point of trust, and it must be possible to collect it efficiently for widespread use. With a supplementary program, consumers can carry out or understand the assessment themselves to some extent.
Disruptive Risk Research
The disruptive potential arises from the difficulty of breaking down software security in a meaningful way while retaining validity. Currently, there are certificates and seals of approval, but these often make limited statements and only evaluate a product in binary terms. There is great potential to make the various aspects that contribute to security much more transparent and tangible for citizens. Manufacturers could also be extrinsically motivated to design their products carefully and in a consumer-friendly way.