Deriving Software Security Measures from Information Security Standards of Practice
White Paper
In this paper, the authors describe an approach for deriving measures of software security from common standard practices for information security.
Publisher: Software Engineering Institute
Abstract
This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security. This work was performed as part of the Software Engineering Institute's Software Security Measurement and Analysis (SSMA) project. It is an initial demonstration of how SSMA-defined software security drivers can be used in concert with practices and standards to derive meaningful measures of software security.