iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 23643:2020

(Main)

Software and systems engineering — Capabilities of software safety and security verification tools

Software and systems engineering — Capabilities of software safety and security verification tools

This document specifies requirements for the vendors and gives guidelines for both the users and the developers of software safety and security verification tools. The users of such tools include, but are not limited to, bodies performing verification and software developers who need to be aware and pay attention to safety and/or security of software. This document guides the verification tool vendors to provide as high-quality products as possible and helps the users to understand the capabilities and characteristics of verification tools. This document introduces use cases for software safety and security verification tools and entity relationship model related to them. This document also introduces tool categories for software safety and security verification tools and gives category specific guidance and requirements for the tool vendors and developers.

Ingénierie du logiciel et des systèmes — Capacités des outils de vérification de la sûreté et de la sécurité des logiciels

General Information

Status
Published
Publication Date
11-Jun-2020
ICS
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 7 - Software and systems engineering
Drafting Committee
ISO/IEC JTC 1/SC 7/WG 4 - Tools and environment
Current Stage
6060 - International Standard published
Start Date
12-Jun-2020
Due Date
07-Dec-2021
Completion Date
12-Jun-2020
Ref Project

Buy Standard

ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification toolsISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
PreviousNext
Standard
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification toolsISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
PreviousNext
Standard
ISO/IEC 23643:2020 - Software and systems engineering -- Capabilities of software safety and security verification tools
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
23643
ISO/IEC JTC 1/SC 7
Software and systems engineering —
Secretariat: BIS
Capabilities of software safety and
Voting begins on:
2020­03­11 security verification tools
Voting terminates on:
2020­05­06
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 23643:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 23643:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH­1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 23643:2020(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative References . 1
3 Terms and Definitions . 1
4 Abbreviated terms . 6
5 Models for software safety and security verification tools . 6
6 Use cases of software safety and security verification tools . 8
6.1 General . 8
6.2 Verification for low criticality software . 9
6.3 Verification for medium criticality software .10
6.4 Verification for high criticality software .10
7 Entity relationship chart of software safety and security verification .11
8 Categories, capabilities of and requirements for software safety and security
verification tools .12
8.1 General .12
8.2 Categories of software safety verification tools .13
8.2.1 General.
...

INTERNATIONAL ISO/IEC
STANDARD 23643
First edition
2020-06
Software and systems engineering —
Capabilities of software safety and
security verification tools
Ingénierie du logiciel et des systèmes — Capacités des outils de
vérification de la sûreté et de la sécurité des logiciels
Reference number
ISO/IEC 23643:2020(E)
©
ISO/IEC 2020

---------------------- Page: 1 ----------------------
ISO/IEC 23643:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 23643:2020(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 6
5 Models for software safety and security verification tools . 7
6 Use cases of software safety and security verification tools . 9
6.1 General . 9
6.2 Verification for low criticality software .10
6.3 Verification for medium criticality software .10
6.4 Verification for high criticality software .11
7 Entity relationship chart of software safety and security verification .12
8 Categories, capabilities of and requirements for software safety and security
verification tools .13
8.1 General .13
8.2 Categories of software safety verification tools .13
8.2.1 General.13
8.2.2 Specification and refinement tools .13
8.2.3 Model checking tools .13
8.2.4 Program analysis tools .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC/IEEE 24748-1:2024(Main)
Systems and software engineering — Life cycle management — Part 1: Guidelines for life cycle management

This document provides guidance for the life cycle management of systems and software, complementing the processes described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207. This document: — addresses systems concepts and life cycle concepts, models, stages, processes, process application, key points of view, adaptation and use in various domains and by various disciplines; — establishes a common framework for describing life cycles, including their individual stages, for the management of projects that provide or acquire either products or services; — defines the concept of a life cycle; — supports the use of the life cycle processes within an organization or a project; organizations and projects can use these life cycle concepts when acquiring and supplying either products or services; — provides guidance on adapting a life cycle model and the content associated with a life cycle or a part of a life cycle; — describes the relationship between life cycles and their use in applying the processes in ISO/IEC/IEEE 15288 (systems aspects) and ISO/IEC/IEEE 12207 (software systems aspects); — shows the relationships of life cycle concepts to the hardware, human, services, process, procedure, facility and naturally occurring entity aspects of projects; — describes how its concepts relate to detailed process standards, for example, in the areas of measurement, project management, risk management and model-based systems and software engineering.

  • Standard
    76 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-2:2024(Main)
Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (system life cycle processes)

The proposed project is a revision of ISO/IEC/IEEE 24748-2:2018, Systems and software engineering — Life cycle management — Part 2: Guidelines for the application of ISO/IEC/IEEE 15288 (System life cycle processes). There are no scope changes. ISO/IEC/IEEE 24748-2 is a guideline for the application of ISO/IEC/IEEE 15288. It addresses system, life cycle, organizational, project, and process, concept application, principally through reference to ISO/IEC/IEEE 24748-1 and ISO/IEC/IEEE 15288. It gives guidance on applying ISO/IEC/IEEE 15288 from the aspects of strategy, planning, application in organizations, and application on projects. It also provides comparison of the differences between ISO/IEC/IEEE 15288 current revision and the prior version, ISO/IEC 15288:2015.

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 25002:2024(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality model overview and usage

This document establishes a framework for defining quality models which are composed of quality characteristics and sub-characteristics. In particular, this document provides: — the concept of a quality model; — the structure and semantics of quality models; — the relationship between quality models and the other concepts, including measurement, requirement definition, and evaluation; — guidelines, requirements and examples for using quality models.

  • Standard
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC 19770-1:2017/Amd 1:2024(Amendment)
Information technology — IT asset management — Part 1: IT asset management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC 19770-6:2024(Main)
Information technology — IT asset management — Part 6: Hardware identification tag

This document provides specifications for a transport format which enables the digital encapsulation of this data. This document refers to an encapsulation of hardware identification (HWID) data as a HWID tag, just as ISO/IEC 19770-2 refers to software identification (SWID) tags for software identification. This document applies to the following. — Tag producers: organizations that create HWID tags for use by others in the market. A tag producer can be part of the organization creating the hardware or a third-party organization. These organizations can be broken down into two major categories. — Device or component providers: entities responsible for the manufacturing or creation of the hardware device and/or associated operating system, virtual environment, or application platform. Platform providers which support this document can additionally provide tag management capabilities at the level of the platform or operating system. — Tag tool providers: entities that provide tools to create hardware identification tags. For example, tools within development environments that generate hardware identification tags, or installation tools that can create tags on behalf of the installation process, and/or desktop management tools that can create tags for underlying hardware, virtual machines, or platforms that did not originally have a hardware identification tag. — Tag consumers: tools and/or organizations who utilize information from HWID tags are broken down into the following two major categories. — Device or component consumers: entities that purchase, install, integrate, and/or otherwise deploy physical or virtual hardware or components. — IT discovery and processing tool providers: entities that provide tools to collect, store, and process hardware identification tags. These tools may be targeted at a variety of different market segments, including security, asset management, and logistics. This document deals only with hardware device or component identification. This document does not detail information technology asset management (ITAM) processes required for discovery and management of hardware (which is provided in ISO/IEC 19770-1) software identification tags (as defined by ISO/IEC 19770-2), entitlement tags (as defined by ISO/IEC 19770-3), or resource utilization measurements (as defined by ISO/IEC 19770-4).

  • Standard
    41 pages
    English language
    sale 15% off
ISO
ISO/IEC 25019:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Quality-in-use model

This document defines a quality-in-use model composed of three characteristics (which are further subdivided into sub-characteristics) that can influence stakeholders when products or systems are used in a specified context of use. This model is applicable to the entire spectrum of information system and IT service system, including both computer systems in use and software products in use. This document provides a set of quality characteristics for specifying, measuring, evaluating and improving quality-in-use. In this document, because context of use is specified as prerequisite of quality-in-use, context of use is necessary to be re-specified to change prerequisite when a product or service intend to fulfil to context of use changes. The model can be applied, in particular, by those responsible for specifying and evaluating software product quality, such as developers, acquirers, quality assurance and control staff, and independent evaluators. Activities during product development that can benefit from the use of the quality model can include, but are not limited to: — identifying requirements for information system and IT service system in use; — validating the comprehensiveness of a quality-in-use requirements specification; — identifying information system and IT service system design objectives for quality-in-use; — identifying quality-in-use control criteria as part of overall quality assurance; — identifying acceptance criteria for information system and IT service system or information systems; — establishing measures to address the consequences of using products in specified context-of -use; — presenting evaluation items for ethics considerations when using information system and IT service system; — supporting governance of digitalization activities.

  • Standard
    31 pages
    English language
    sale 15% off
ISO
ISO/IEC 25010:2023(Main)
Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — Product quality model

This document defines a product quality model, which is applicable to ICT (information and communication technology) products and software products. The product quality model is composed of nine characteristics (which are further subdivided into subcharacteristics) that relate to quality properties of the products. The characteristics and subcharacteristics provide a reference model for the quality of the products to be specified, measured and evaluated. NOTE 1 In this document, a product refers to an ICT product that is part of an information system. ICT product components include subsystems, software, firmware, hardware, data, communication infrastructure, and other elements that are part of the ICT product. This model can be used for requirements specification and evaluation of the target products’ quality throughout their lifecycle by several stakeholders, including developers, acquirers, quality assurance and control staff and independent evaluators. Activities in the product lifecycle that can benefit from the use of this model include: — eliciting and defining product and information system requirements; — validating the comprehensiveness of requirements definition; — identifying product and information system design objectives, and design necessary process for achieving quality; — identifying product and information system testing objectives; — identifying quality control criteria as the part of quality assurance; — identifying acceptance criteria for a product and/or an information system; — establishing measures of product quality characteristics in support of these activities. NOTE 2 Usage of the quality model for measurement is explained in Annex C.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 15026-3:2023(Main)
Systems and software engineering — Systems and software assurance — Part 3: System integrity levels

This document specifies the concept of integrity levels with the corresponding integrity level requirements for achieving the integrity levels. Requirements and recommended methods are provided for defining and using integrity levels and their corresponding integrity level requirements. This document covers systems, software products, and their elements, as well as relevant external dependences. This document is applicable to systems and software and is intended for use by: a) definers of integrity levels such as industry and professional organizations, standards organizations, and government agencies; b) users of integrity levels such as developers and maintainers, suppliers and acquirers, system or software users, assessors of systems or software and administrative and technical support staff of systems and/or software products. One important use of integrity levels is by suppliers and acquirers in agreements, for example, to aid in assuring safety, financial, or security characteristics of a delivered system or product. This document does not prescribe a specific set of integrity levels or their integrity level requirements. In addition, it does not prescribe the way in which integrity level use is integrated with the overall system or software engineering life cycle processes. It does, however, provide an example of use of this document in Annex A.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 7052:2023(Main)
Software engineering — Controlling frequently occurring risks during development and maintenance of custom software

This document: — describes frequently occurring risks during development and maintenance of custom software; — describes possible controls for frequently occurring risks; — describes the related: — activities, facilities and roles typically used for these controls; — properties of products and processes; — standards, measurements, testing and assessment of the properties of products and processes.

  • Technical report
    36 pages
    English language
    sale 15% off
ISO
ISO/IEC/IEEE 24748-6:2023(Main)
Systems and software engineering — Life cycle management — Part 6: System and software integration

This document: — provides supplemental requirements and guidance for the planning and performing of the integration processes given in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207; — provides guidance on the relationship between the integration process and other life cycle processes. — specifies requirements for information items to be produced as a result of using the integration process, including the content of the information items. This document is applicable to: — those who use or plan to use ISO/IEC/IEEE 12207 or ISO/IEC/IEEE 15288, or both, on projects dealing with human-made systems, software-intensive systems, and products and services related to those systems, regardless of the project scope, methodology, size, or complexity; — anyone planning or performing integration activities to aid in ensuring that the application of the integration process and its relationships to other system life cycle processes conform to ISO/IEC/IEEE 15288 or ISO/IEC/IEEE 12207.

  • Standard
    42 pages
    English language
    sale 15% off