Klaus P. Jantke and Oliver Keller, German Research Center for Artificial Intelligence, Ltd., Germany
The paper is aiming at a step towards a process model for the development of systems that are valid in the sense of meeting both specified security requirements and diverse user needs and expectations. The ultimate goal is to certify a system’s validity. Derived from IT security evaluation criteria, the paper is outlining a certain integration of two independently developed process models in a way that validation and verification are becoming truly dovetailed. The discussed evaluation process model is currently being developed and implemented in the authors’ IT security evaluation facility (ITSEF). It is one of the targets of this publication to bring academic research and development on validation and verification closer to the IT security evaluation practice.