DANSK DSF/ISO/IEC FDIS 23643 [ Draft ]

This International Standard gives guidelines and specifies requirements for both the vendors and the users of software safety and security verification tools. The users of such tools include, but are not limited to verification service providers, certification bodies, and software developers who need to be aware and pay attention to safety and/or security of software. The tool vendors are guided to provide as high quality products as possible and the users are helped to understand the capabilities and characteristics of verification tools. This document specifies the terms related to software safety and security verification, defines the use cases for software safety and security verification tools and introduces the entity relationship models related to them. The document also introduces tool categories for software safety and security verification tools and gives guidance and requirements for the tools. It is important to realize that verification of safety and security of software does not necessarily verify the safety and security of the system using the software as a component. However, if a system consists of software components which are not verified, the safety and security of the system cannot be guaranteed at any level. The terms related to software safety and security verification specified in this document, are adopted and adapted from related ISO and IEC standards whenever applicable (e.g. ISO/IEC 25010 System and software quality models, ISO/IEC 16085 Lifecycle processes – Risk management, ISO/IEC 15408 Common criteria, ISO/IEC 27005 IT security risk management, and IEC 61508-4 Functional safety – software requirements).