Deriving Software Security Measures from Information Security Standards of Practice
February 2012 • White Paper
Christopher J. Alberts, Julia H. Allen, Robert W. Stoddard
In this paper, the authors describe an approach for deriving measures of software security from common standard practices for information security.
Abstract
This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security. This work was performed as part of the Software Engineering Institute's Software Security Measurement and Analysis (SSMA) project. It is an initial demonstration of how SSMA-defined software security drivers can be used in concert with practices and standards to derive meaningful measures of software security.