Subtopic 2 - Trustworthy Software Certification Methods

Certification provides the foundation for verifiable trust in software systems, yet existing methods struggle to deliver dependable security at the scale and complexity of modern mobility software. Risk-assessment schemes such as TARA (threat analysis and risk assessment) evaluate product security in a largely manual, expert-judgement-driven way and therefore offer no formal guarantees. The lower assurance levels of the Common Criteria (CC) mainly prescribe quality-assurance measures for the development process, so they do not guarantee properties of the delivered software product either. The CC does state product-level security requirements through Protection Profiles, and at its highest assurance levels (EAL6 and EAL7) it requires a semiformally, respectively formally, verified design. In practice, however, such formal analysis is prohibitively expensive or technically infeasible for modern software-intensive systems, for three reasons: a) it rests on restrictive assumptions about the analyzability of software artefacts, b) its strict pass/fail evaluation model leaves no room for graded dependability assessments, and c) real-world systems are open and interconnected, so closed-world analyses do not apply. Complex mobility systems with millions of lines of code, AI components, and multi-vendor supply chains therefore lie beyond the analyzability boundaries of current certification approaches.
We aim to overcome these technical barriers through AI-assisted generation of analyses and compositional verification, making product certification feasible for systems previously deemed too complex to certify. By bringing technically and formally analyzed dependability evidence into legally regulated certification, we aim to strengthen the overall trustworthiness of future mobility systems for human and societal actors.