A common criteria based approach for COTS component selection

Abstract

Component-based software engineering (CBSE) endeavors to enable software developers to develop quality software systems with less time and resources than traditional development approaches. Software components must be identified and evaluated in order to determine if they provide required functionality for systems being developed. Consideration of security requirements for component selection is of interest. This research considers how the Common Criteria (CC), an internationally recognized standard for security requirements definition and security assessment of IT systems, can be applied towards the development of component-based systems. A CC-based COTS component selection process is proposed which integrates activities of the CC for security requirements specification and evaluation. Research questions are presented for the evaluation of the process to establish its value for COTS component selection as well as to identify areas for improvement. © JOT, 2005.