Measuring security requirements for software security (original) (raw)
Related papers
Metrics to Assess and Manage Software Application Security Risk
Software application security risk is of critical importance to modern enterprises and organizations. The very existence of these entities often depends on the successful and secure operation of mission critical applications such as the outer space explorations and high assurance scenarios regarding the surgery table for one striking example. Software application security risk is concerned primarily with how security personnel, facility managers, network personnel, management, and other interested parties rate their experience with the various aspects of software security risk, and overall management and maintenance, including issues such as continuity or availability of service, security design and configuration to name a few. To address this need, the principal author has built the fundamental (probability and game-theory related) computational aspects and an associated automated software tool for quantitative risk management. This tool, the Risk-o-Meter (RoM) provides measurable ...
SECURITY MEASUREMENT BASED ON GQM TO IMPROVE APPLICATION SECURITY DURING REQUIREMENTS STAGE
Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM) approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.
2008 International Conference on Information Security and Assurance (isa 2008), 2008
In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software
Significance of Security Metrics in Secure Software Development
With increasing advancement of technology in the past years rise various security issues and problems. In this connected world, security is a paramount and challenging issue in software development and is the demand of time. However usually engineers/developers think about it after the development of the entire software and at that it's too late. Though, the software developers are aware of the importance of security and its priority throughout software development life cycle. Considering the security challenging issues right from the early stages of software development and incorporating it during software development indicates good research and development.
A Review of Security Metrics in Software Development Process
2011
Security level, security performance, and security indicators have become standard terms to define security metrics. The data derived from these metrics helps in measurement of software security. The metrics help achieve security objectives – confidentiality, integrity and availability. The security can be assessed for further improvement during development process of the software or the product itself. The security assessment is helpful for software developers, risk management team, executives of the company, etc. Our paper reviews both the kinds of metrics and confers the results. Keywords— Security Metrics, Software Development Process.