Software Engineering Institute

This report identifies and describes the current state of the practice in software assurance measurement. This discussion focuses on the methods and technologies that are applicable in the domain of existing software products, software services, and software processes. This report is not meant to be prescriptive; instead it attempts to provide an end-to-end discussion of the state of the practice in software assurance measurement. In addition, it points out significant emerging trends in the field. The overall discussion touches on the existing principles, concepts, methods, tools, techniques, and best practices for detection of defects and vulnerabilities in code.