Continuous compliance
Martin Kellogg, Martin Schäf, Serdar Taşiran, Michael D. Ernst
Abstract
Vendors who wish to provide software or services to large corporations and governments must often obtain numerous certificates of compliance. Each certificate asserts that the software satisfies a compliance regime, like SOC or the PCI DSS, to protect the privacy and security of sensitive data. The industry standard for obtaining a compliance certificate is an auditor manually auditing source code. This approach is expensive, error-prone, partial, and prone to regressions.
Topics & Concepts
CertificateAuditCompliance (psychology)Computer securityComputer scienceSoftware security assuranceSoftwareAccountingBusinessInformation securitySecurity serviceOperating systemAlgorithmSocial psychologyPsychologyWeb Application Security VulnerabilitiesSecurity and Verification in ComputingDigital and Cyber Forensics