Software Engineering Institute | Carnegie Mellon University

Digital Library


Predicting Quality Assurance with Software Metrics and Security Methods

  • “Through our research we were able to identify a connection between security vulnerabilities and quality defects.”
  • Related

    SEI Blog Post | Using Quality Metrics and Security Methods to Predict Software Assurance

  • Abstract

    To ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: nearly half the weaknesses catalogued in the Common Weakness Enumeration (CWE) repository are design weaknesses. These weaknesses are introduced early in the lifecycle and cannot be patched away in later phases. They result from poor (or incomplete) security requirements, system designs, and architecture choices for which security has not been given appropriate priority. Effective use of metrics and methods that apply systematic consideration of security risk can highlight gaps earlier in the lifecycle, before the impact is felt and while the cost of addressing these gaps is lower. In this podcast, Dr. Carol Woody explores the connection between measurement, methods for software assurance, and security.


About the Speaker

  • Carol Woody, PhD

    Carol Woody has been a senior member of the technical staff since 2001 and is the technical manager of the Cybersecurity Engineering Team, whose research focuses on security and software assurance for highly complex networked systems throughout the development and acquisition lifecycles.