Definition of Security Metrics for Software Security-enhanced Development
Similar resources
Security Metrics for Software System
Security metrics for software systems provide quantitative measurement for the degree of trustworthiness for software systems. This paper proposes a new approach to define software security metrics based on vulnerabilities included in the software systems and their impacts on software quality. We use the Common Vulnerabilities and Exposures (CVE), an industry standard for vulnerability and expo...
Software security metrics for malware resilience
We examine the level of resistance offered by a software product against malicious software (malware) attacks. Analysis is performed on the software architecture. This is available as a result of the software design process and can hence be used at an early stage in development. A model of a generic computer system is developed, based on the internationally recognized Common Criteria for Inform...
A Review of Security Metrics in Software Development Process
Security level, security performance, and security indicators have become standard terms to define security metrics. The data derived from these metrics helps in measurement of software security. The metrics help achieve security objectives – confidentiality, integrity and availability. The security can be assessed for further improvement during development process of the software or the produc...
Metrics That Matter: Quantifying Software Security Risk
Any endeavor worth pursuing is worth measuring, but software security presents new measurement challenges: there are no established formulas or procedures for quantifying the security risk present in a program. This document details the importance of measuring software security and discusses the less-than-satisfying approaches that are prevalent today. A new set of metrics is then proposed for e...
Introducing a Novel Security-Enhanced Agile Software Development Process
In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are 1) that it includes additional security competences, and 2) that it includes the continuous conduction of an integrated risk analysis f...
Journal
Journal title: Journal of Internet Computing and Services
Year: 2016
ISSN: 1598-0170
DOI: 10.7472/jksii.2016.17.4.79