A Common Sense Way to Make the Business Case for Software Assurance
May 2013 • White Paper
Antonio Drommi, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), John Bailey, Nancy R. Mead
In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
This article demonstrates how a true cost/benefit for secure software can be derived using three generic practice areas: (1) threat/risk understanding, (2) implementation of security requirements, and (3) operational security testing. Having an accurate cost for these aspects of the software assurance process would allow decision makers to make intelligent decisions about the level of investment they wish to make.