Visible to the public Measuring Software Security from the Design of Software

TitleMeasuring Software Security from the Design of Software
Publication TypeConference Paper
Year of Publication2017
AuthorsSaarela, Marko, Hosseinzadeh, Shohreh, Hyrynsalmi, Sami, Leppänen, Ville
Conference NameProceedings of the 18th International Conference on Computer Systems and Technologies
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5234-5
Keywordsassurance, composability, computer security, evaluation, measuring security, Metrics, pubcrawl, Scalability, security metrics, software assurance, software design, software security

With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e. metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved.

Citation Keysaarela_measuring_2017