Software Risk Assessment for Measuring Instruments in Legal Metrology

In Europe, measuring instruments subject to legal control are responsible for an annual turnover of 500 billion Euros and need to pass a conformity assessment with respect to European directives or national legislation before they can be used. Today, measuring instruments are frequently integrated into open networks and even branch into the areas of cloud computing and Internet of Things. Since software is one of the key components of such devices, Germany's national metrology institute, the Physikalisch-Technische Bundesantalt, is developing a method to assess the risks and evaluate current threats associated with software. The method uses the structure of and combines elements from the international ISO/IEC standards 27005 and 15408. It could be helpful for conformity assessment bodies and industry alike and supports the comparability of risk assessment results. Despite its focus on legal metrology, the method is applicable to other areas where software risk assessment is required, too.