Abstract
In recent years, there has been increasing interest in, and growing use of, agile development methods for safety-critical systems. This interest is motivated by the need to shorten time-to-market, reduce costs, improve quality, and support the paradigm of continuous development and deployment. This paper presents an agile lifecycle approach to Reliability, Availability, Maintainability, Safety and Security (RAMSS) engineering and management. The current trend for cyber-physical systems is more connectivity over insecure networks, and as a consequence of emerging security threats, we suggest a systematic addition of security in this area, complementing safety. Depending on the domain, it is not just the software itself that must be updated because of security issues, but also the safety cases and their accompanying evidence. The Agile RAMSS approach covers all phases of the development process, including improvements due to modifications and safe patching during operation. These improvements have to be performed according to strict safety-standard requirements. The lifecycle is aimed at manufacturers of High Integrity Systems, such as Industrial Automation and Control Systems and Safety Instrumented Systems. We have used our in-depth knowledge of security standards, such as the IEC 62443 series, and of the software safety standards IEC 61508-3 and EN 50128, to establish a risk-based approach that is combined with a fast-track solution based on the SafeScrum method, including DevOps.