Deriving Software Security Measures from Information Security Standards of Practice
• White Paper
Software Engineering Institute
This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security. This work was performed as part of the Software Engineering Institute's Software Security Measurement and Analysis (SSMA) project. It is an initial demonstration of how SSMA-defined software security drivers can be used in concert with practices and standards to derive meaningful measures of software security.