Software base
Generation of an installed software base
Activity 1: Installation of tools and evaluation of applications
It is common that new application areas are initially developed without systematic anticipation of security (e.g. confidentiality, privacy, anonymity etc.). Particular applications such as ambient intelligence, e-Health applications, mobile protocols, and Identity Management are some examples. This is often tied to the fact that in initial design phases neither relevant security know-how nor specified responsibilities have been defined as part of the project (e.g. because of shortage of monetary or know-how resources).
Driver: ENISA Stakeholders have often expressed their interest in having ENISA as a contributor to security issues of applications and systems. Risk Assessments is one major activity in determining security properties of applications.