
Predicting Software Assurance Using Quality and Reliability Measures

Technical Note

In this report, the authors discuss how a combination of software development and quality techniques can improve software security.

Publisher: Software Engineering Institute
CMU/SEI Report Number: CMU/SEI-2014-TN-026
DOI (Digital Object Identifier): 10.1184/R1/6582113.v1

Abstract

Security vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. This report includes security analysis based on data the Software Engineering Institute (SEI) has collected over many years for 100 software development projects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. This report discusses how a combination of software development and quality techniques can improve software security.

Cite This Technical Note

Woody, C., Ellison, R., & Nichols, B. (2014, December 22). Predicting Software Assurance Using Quality and Reliability Measures. (Technical Note CMU/SEI-2014-TN-026). Retrieved April 24, 2024, from https://doi.org/10.1184/R1/6582113.v1.

@techreport{woody_2014,
author={Woody, Carol and Ellison, Robert and Nichols, Bill},
title={Predicting Software Assurance Using Quality and Reliability Measures},
month={Dec},
year={2014},
number={CMU/SEI-2014-TN-026},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6582113.v1},
note={Accessed: 2024-Apr-24}
}

Woody, Carol, Robert Ellison, and Bill Nichols. "Predicting Software Assurance Using Quality and Reliability Measures." (CMU/SEI-2014-TN-026). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 22, 2014. https://doi.org/10.1184/R1/6582113.v1.

C. Woody, R. Ellison, and B. Nichols, "Predicting Software Assurance Using Quality and Reliability Measures," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-026, 22-Dec-2014 [Online]. Available: https://doi.org/10.1184/R1/6582113.v1. [Accessed: 24-Apr-2024].

Woody, Carol, Robert Ellison, and Bill Nichols. "Predicting Software Assurance Using Quality and Reliability Measures." (Technical Note CMU/SEI-2014-TN-026). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 22 Dec. 2014. https://doi.org/10.1184/R1/6582113.v1. Accessed 24 Apr. 2024.

Woody, Carol; Ellison, Robert; & Nichols, Bill. Predicting Software Assurance Using Quality and Reliability Measures. CMU/SEI-2014-TN-026. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6582113.v1