Revisiting Secure Software Engineering for Research Software

Abstract

In the past years, guidelines for a good practice in Research Software Engineering were established in many research facilities. Examples are applied guidelines at the German Aerospace Center (DLR) or the NL eScience Center. Recently, these guidelines were acknowledged as important by the European Union, the Helmholtz Association, and the Max-Planck Society as well as in their strive to support Open Science. But, most guidelines lack information on how to apply Secure Software Engineering (SSE) methods in Scientific Software. More importantly, it is not even clear what aspects of SSE are of particular interest in Research Software Development. In 2018, we published a position and vision paper at the “1st International Workshop on Security Awareness from Design to Deployment” called “DLR Secure Software Engineering”. In this paper we drew an ambitious roadmap towards a structured approach for identification and evaluation of relevant aspects and processes. Since then, we gained some insights about what is already possible, what could be done, and what is (yet) beyond our reach. In this talk we want to discuss and raise awareness why Secure Software Engineering is an important factor that needs to be acknowledged in the Research Software Engineering Community. We also want to have a look at certain aspects of our previous work and also evaluate on how things could be done (different).