Key points are not available for this paper at this time.
Assurance cases are structured arguments that are commonly used to reason about the safety of a product or service. Currently, there is an ongoing push towards using assurance cases also for cybersecurity, especially in safety critical domains, like automotive. While the industry is faced with the challenge of defining a sound methodology to build security assurance cases, the state of the art is rather immature. Therefore, we have conducted a thorough investigation of the (external) constraints and (internal) needs that security assurance cases have to satisfy when used in the automotive industry. This has been done with 28 participants and in the context of two large automotive companies located in Europe: Company A is a passenger car manufacturer, while Company B is a truck manufacturer. An extended version of this paper is available online at https://arxiv.org/abs/2003.14106.
Mohamad et al. (Tue,) studied this question.
Synapse has enriched one closely related paper. Consider it for comparative context: