# Design Dimensions for Software Certification: A Grounded Analysis

**Authors:** Gabriel Ferreira, Christian Kästner, Joshua Sunshine, Sven Apel, William Scherlis

arXiv: 1905.09760 · 2019-05-24

## TL;DR

This paper analyzes certification standards for software, comparing Common Criteria and DO-178C, to identify design dimensions that influence their effectiveness and guide future standard development.

## Contribution

It introduces a framework of design dimensions for software certification standards based on comparative analysis and expert insights.

## Key findings

- Identification of key design dimensions affecting certification quality
- Comparison of Common Criteria and DO-178C standards
- Insights into industry challenges and technical approaches

## Abstract

In many domains, software systems cannot be deployed until authorities judge them fit for use in an intended operating environment. Certification standards and processes have been devised and deployed to regulate operations of software systems and prevent their failures. However, practitioners are often unsatisfied with the efficiency and value proposition of certification efforts. In this study, we compare two certification standards, Common Criteria and DO-178C, and collect insights from literature and from interviews with subject-matter experts to identify design options relevant to the design of standards. The results of the comparison of certification efforts, leading to the identification of design dimensions that affect their quality, serve as a framework to guide the comparison, creation, and revision of certification standards and processes. This paper puts software engineering research in context and discusses key issues around process and quality assurance and includes observations from industry about relevant topics such as recertification, timely evaluations, but also technical discussions around model-driven approaches and formal methods. Our initial characterization of the design space of certification efforts can be used to inform technical discussions and to influence the directions of new or existing certification efforts. Practitioners, technical commissions, and government can directly benefit from our analytical framework.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.09760/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1905.09760/full.md

## References

73 references — full list in the complete paper: https://tomesphere.com/paper/1905.09760/full.md

---
Source: https://tomesphere.com/paper/1905.09760