Software Engineering Institute | Carnegie Mellon University

Technical Note

Predicting Software Assurance Using Quality and Reliability Measures

  • Abstract

    Security vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. This report includes security analysis based on data the Software Engineering Institute (SEI) has collected over many years for 100 software development projects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. This report discusses how a combination of software development and quality techniques can improve software security.

Cite This Report

SEI

Woody, Carol; Ellison, Robert; & Nichols, William. Predicting Software Assurance Using Quality and Reliability Measures. CMU/SEI-2014-TN-026. Software Engineering Institute, Carnegie Mellon University. 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589

IEEE

Woody, Carol, Ellison, Robert, and Nichols, William, "Predicting Software Assurance Using Quality and Reliability Measures," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2014-TN-026, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589

APA

Woody, Carol, Ellison, Robert, & Nichols, William. (2014). Predicting Software Assurance Using Quality and Reliability Measures (CMU/SEI-2014-TN-026). Retrieved August 16, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589

CHI

Carol Woody, Robert Ellison, & William Nichols. Predicting Software Assurance Using Quality and Reliability Measures (CMU/SEI-2014-TN-026). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589

MLA

Woody, Carol, Ellison, Robert, & Nichols, William. 2014. Predicting Software Assurance Using Quality and Reliability Measures (Technical Report CMU/SEI-2014-TN-026). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589

BibTeX

@techreport{WoodyPredictingSoftware2014,
  title={Predicting Software Assurance Using Quality and Reliability Measures},
  author={Carol Woody and Robert Ellison and William Nichols},
  year={2014},
  number={CMU/SEI-2014-TN-026},
  institution={Software Engineering Institute, Carnegie Mellon University},
  address={Pittsburgh, PA},
  url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=428589}
}