July 28, 2008 to Aug. 1, 2008
Secure software is crucial in today’s software dependent world. However, most of the time, security is not addressed from the very beginning of a software development life cycle (SDLC), and it is only incorporated after the software has been developed. Even when security is considered since the inception of the software development, there is no concrete way to quantify security of an SDLC artifact. This quantification is necessary to know about the security state of an SDLC artifact after each phase of software development. Moreover, this could help the software developers in allocating further resources to increase security and decrease the vulnerabilities in any software. In this paper, we use vulnerability occurrences to calculate a vulnerability index of an SDLC artifact that provides an indication about the existing vulnerabilities. Moreover, we calculate a security index by using the combined potential damage that can be caused due to vulnerabilities.
Muhammad Umair Ahmed Khan, Mohammad Zulkernine, "Quantifying Security in Secure Software Development Phases", COMPSAC, 2008, 2013 IEEE 37th Annual Computer Software and Applications Conference, 2013 IEEE 37th Annual Computer Software and Applications Conference 2008, pp. 955-960, doi:10.1109/COMPSAC.2008.173