Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

White Paper

Models for Assessing the Cost and Value of Software Assurance

  • Abstract

    It is not enough to simply estimate the cost of doing secure software assurance: you must also justify it from a value perspective.  This paper presents IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes. These models can be categorized into four initial types: investment based, cost based, environmental/contextual, and quantitative estimation. However, the general conclusion is that there are only two valid ways to approach valuation of the secure software assurance process: quantitative and environmental.

  • Download