Safe and secure: re-engineering a software process set for the challenges of the 21st century

This paper discusses a risk-based approach to re-engineering a legacy software engineering process set in the context of a large-scale engineering enterprise responsible for the design and production of surface warships. The increasing integrity requirements on software deployed on modern naval platforms, principally in respect of safety and security, have been addressed through elicitation and analysis of key software integrity risks. The results of this analysis have been applied to assess the extent of mitigation of the identified risks provided in the legacy process set. This assessment provides a basis for the further development and improvement of the process set in respect of treatment of software integrity. More generally the approach provides a template for risk elicitation and analysis that can be extended to treat further categories of software-related risk such as acquisition/supply chain, legal and human factors.