Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Technical Note

Exploring the Use of Metrics for Software Assurance

  • March 2019
  • By Carol Woody, PhD, Robert J. Ellison, Charlie Ryan
  • This report proposes measurements for each Software Assurance Framework (SAF) practice that a program can select to monitor and manage the progress it’s making toward software assurance.
  • CERT/CC
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2018-TN-004
  • Abstract

    The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed software-reliant systems.
     
    This report proposes measurements for each SAF practice that a program can select to monitor and manage the progress it’s making toward software assurance. Metrics are needed to determine how effectively a practice is performed and how well software assurance is addressed. This report presents an approach for determining which SAF practices should be measured and how. It provides acquirers, program managers, and contractors with an approach for using metrics to establish confidence that the systems they plan to field will have sufficient software assurance.
  • Download

Cite This Report

SEI

Woody, Carol; Ellison, Robert; & Ryan, Charles. Exploring the Use of Metrics for Software Assurance. CMU/SEI-2018-TN-004. Software Engineering Institute, Carnegie Mellon University. 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881

IEEE

Woody. Carol, Ellison. Robert, and Ryan. Charles, "Exploring the Use of Metrics for Software Assurance," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2018-TN-004, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881

APA

Woody, Carol., Ellison, Robert., & Ryan, Charles. (2019). Exploring the Use of Metrics for Software Assurance (CMU/SEI-2018-TN-004). Retrieved March 21, 2019, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881

CHI

Carol Woody, Robert Ellison, & Charles Ryan. Exploring the Use of Metrics for Software Assurance (CMU/SEI-2018-TN-004). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881

MLA

Woody, Carol., Ellison, Robert., & Ryan, Charles. 2019. Exploring the Use of Metrics for Software Assurance (Technical Report CMU/SEI-2018-TN-004). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881

BibTex

@techreport{WoodyExploringthe2019,
title={Exploring the Use of Metrics for Software Assurance},
author={Carol Woody and Robert Ellison and Charles Ryan},
year={2019},
number={CMU/SEI-2018-TN-004},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=540881} }