Dear all,
I am happy to announce that our journal paper "Product Incremental
Security Risk Assessment using DevSecOps Practices" has been accepted at
SecAssure 2022 (1st International
Workshop on System Security Assurance
https://www.ntnu.edu/secassure/call-for-papers).
Journal:
Springer Nature - Computer Security ESORICS 2022 International
Workshops: ADIoT, CDT&SECOMANE, CPS4CIP, CyberICPS, EIS, SecAssure,
SECPRE, SP-MIoT, SPOSE
Title:
Product Incremental Security Risk Assessment using DevSecOps Practices
Authors:
Sébastien Dupont, Artsiom Yautsiukhin, Guillaume Ginis, Giacomo
Iadarola, Stefano Fagnano, Fabio Martinelli, Christophe Ponsard, Axel
Legay and Philippe Massonet
Abstract:
Security risk assessment is often a heavy manual process,
making it expensive to perform. DevOps, that aims at improving
software quality and speed of delivery, as well as DevSecOps that augments
DevOps with the automation of security activities, provide tools and
procedures to automate the risk assessment. We propose a solution to
integrate risk assessment with DevSecOps activities and processes in
order to make the risk assessment more continuous and automated. The
solution is illustrated on a use case where the firewall of a robot vehicles
is updated while risk assessment is done in an iterative manner. This
approach aims at facilitating assessment (and certification such as EUCC)
processes.
--
Sebastien Dupont
Expert Research Engineer
Model-Based Engineering and Distributed Systems
CETIC
Avenue Jean Mermoz 28
B-6041 Charleroi
Tel: +32 488 237 483