Please use this identifier to cite or link to this item:
https://dair.nps.edu/handle/123456789/1441
Title: | Security Measurement Establishing Confidence That System and Software Security Is Sufficient |
Authors: | Carol Woody |
Keywords: | Security Measurement Software Security Software Million Lines of Code MLOC |
Issue Date: | 30-Mar-2017 |
Publisher: | Acquisition Research Program |
Citation: | Published--Unlimited Distribution |
Series/Report no.: | Software SYM-AM-17-063 |
Abstract: | Evaluating the software assurance of a product as it functions within a specific system context involves assembling carefully chosen metrics that demonstrate a range of behaviors to establish confidence that the product functions as intended and is free of vulnerabilities. The first challenge is to establish that the requirements define the appropriate security behavior and the design addresses these security concerns. The second challenge is to establish that the completed product, as built, fully satisfies the specifications. Measures to provide assurance must, therefore, address requirements, design, construction, and test. We know that software is never defect free. According to Jones and Bonsignour (2012), the average defect level in the United States is 0.75 defects per function point or 6,000 per million lines of code (MLOC) for a high-level language. Thus, software, on average, cannot always function perfectly as intended. Additionally, we cannot establish that software is completely free from vulnerabilities based on our research which indicates that 5% of defects should be categorized as vulnerabilities. So how can we establish reasonable confidence in software security? To answer this question, the Software Engineering Institute (SEI) is researching how measurement can be used to establish confidence in software security. This paper will share our progress to date. |
Description: | Acquisition Management / Defense Acquisition Community Contributor |
URI: | https://dair.nps.edu/handle/123456789/1441 |
Appears in Collections: | Annual Acquisition Research Symposium Proceedings & Presentations |
Files in This Item:
File | Size | Format | |
---|---|---|---|
SYM-AM-17-063.pdf | 326.55 kB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.