search menu icon-carat-right cmu-wordmark

A Common Sense Way to Make the Business Case for Software Assurance

May 2013 White Paper
Antonio Drommi, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), John Bailey, Nancy R. Mead

In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.

Publisher:

CERT

Abstract

This article demonstrates how a true cost/benefit for secure software can be derived using three generic practice areas: (1) threat/risk understanding, (2) implementation of security requirements, and (3) operational security testing. Having an accurate cost for these aspects of the software assurance process would allow decision makers to make intelligent decisions about the level of investment they wish to make.