Abstract
It is difficult to state whether a certain software product is
developed securely enough. An evaluation methodology that takes the security
assurance methods used during the software development lifecycle into
account is one step closer to a solution to this problem. In this paper we
discuss our first heuristics for security assurance evaluation that would
give guidelines on the trustworthiness of the software development
lifecycle. The inputs for evaluations include the context, expert opinions,
outcome of the methods and reputation. Our evaluation heuristics are a step
towards being able to deduce the level of assurance for a software
process, compared to a certain context-specific baseline. (14 refs.)
Original language | English |
---|---|
Title of host publication | Proceedings |
Subtitle of host publication | International Conference on Availability, Reliability and Security, ARES 2009 |
Place of Publication | US |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 817-822 |
ISBN (Print) | 978-1-4244-3572-2, 978-0-7695-3564-7 |
Publication status | Published - 2009 |
MoE publication type | A4 Article in a conference publication |
Event | International Conference on Availability, Reliability and Security, ARES 2009 - Fukuoka, Japan Duration: 16 Mar 2009 → 19 Mar 2009 |
Conference
Conference | International Conference on Availability, Reliability and Security, ARES 2009 |
---|---|
Country/Territory | Japan |
City | Fukuoka |
Period | 16/03/09 → 19/03/09 |