RESEARCH
An important aspect of security assurance, certification, and evaluation is related to the secure development of systems and their components. Demonstrating compliance with secure development methodologies is often a cornerstone for an effective security assurance argument for complex and critical systems. In this paper, we propose a security assurance argument pattern called Secure Development Decomposition. This pattern is derived from the secure development processes and procedures required for developing a secure system. As a result, the Secure Development Decomposition pattern can be instantiated in the context of a domain-relevant secure development methodology or security standard to demonstrate compliance and adequate security considerations throughout system development as part of a structured security assurance case. To illustrate its applicability, we use an example from the automotive domain to show how to use the pattern to demonstrate compliance with a relevant security standard and its prescribed secure development methodology.