To main content

Hunting for Aardvarks: Can Software Security be Measured?

Abstract

When you are in charge of building software from the ground up, software security can be encouraged through the use of secure software development methodologies. However, how can you measure the security of a given piece of software that you didn’t write yourself? In other words, when looking at two executables, what does “a is more secure than b” mean? This paper examines some approaches to measuring software security, and reccommends that more organisations should employ the Building Security In Maturity Model (BSIMM).

Category

Academic article

Language

English

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security

Year

2012

Published in

Lecture Notes in Computer Science (LNCS)

ISSN

0302-9743

Publisher

Springer

Volume

7465

Page(s)

85 - 92

View this publication at Cristin