Security Metrics for Software System
Authors
Abstract
Security metrics for software systems provide a quantitative measurement of the degree of trustworthiness of software systems. This paper proposes a new approach to defining software security metrics based on the vulnerabilities present in a software system and their impact on software quality. In our metric definition and calculation we use the Common Vulnerabilities and Exposures (CVE), an industry standard for vulnerability and exposure names; the Common Weakness Enumeration (CWE), a list of software weakness types; and the Common Vulnerability Scoring System (CVSS), a scoring system designed to provide an open and standardized method for rating the severity of software vulnerabilities. Examples are provided at the end of the paper which show that our definition is consistent with common practice and real-world experience of software quality.
Similar sources
A Security Metrics Taxonomization Model for Software-Intensive Systems
We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emph...
Risk-Driven Security Metrics in Agile Software Development - An Industrial Pilot Study
The need for effective and efficient information security solutions is steadily increasing in the software industry. Software and system developers require practical and systematic approaches to obtain sufficient and credible evidence of the security level in the system under development in order to guide their efforts and ensure the efficient use of resources. We present experiences of develop...
Properties for Security Measures of Software Products
A large number of attacks on computing systems succeed because of the existence of software flaws (e.g. buffer overflow, race conditions etc.) that could be fixed through a careful design process. An effective way of improving the quality of software products consists of using metrics to guide the development process. The field of software security metrics however is still in infancy in contras...
Towards Measuring the Project Management Process During Large Scale Software System Implementation Phase
Project management is an important factor in carrying out the decision to implement large-scale software systems (LSS) successfully. Effective project management comes into play to plan, coordinate and control such a complex project. The project management factor has been argued to be one of the important Critical Success Factors (CSF), which needs to be measured and monitored carefully duri...
Metrics That Matter: Quantifying Software Security Risk
Any endeavor worth pursuing is worth measuring, but software security presents new measurement challenges: there are no established formulas or procedures for quantifying the security risk present in a program. This document details the importance of measuring software security and discusses the less-than-satisfying approaches that are prevalent today. A new set of metrics is then proposed for e...
A Secure Software Access Measure using Coupling, Complexity and Cohesion Metrics
Although security is an imperative feature and a crucial need of any software system, security issues have always been secondary for developers in the SDLC progression. The unavailability of information about proactive vulnerabilities and security breaches makes the software much more apprehensive. The vulnerability-prone nature of the software that affects the secure access that is aimed i...