search menu icon-carat-right cmu-wordmark

Exploring the Use of Metrics for Software Assurance

Technical Note
This report proposes measurements for each Software Assurance Framework (SAF) practice that a program can select to monitor and manage the progress it's making toward software assurance.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2018-TN-004
DOI (Digital Object Identifier)
10.1184/R1/12366842.v1

Abstract

The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed software-reliant systems. This report proposes measurements for each SAF practice that a program can select to monitor and manage the progress it's making toward software assurance. Metrics are needed to determine how effectively a practice is performed and how well software assurance is addressed. This report presents an approach for determining which SAF practices should be measured and how. It provides acquirers, program managers, and contractors with an approach for using metrics to establish confidence that the systems they plan to field will have sufficient software assurance.

Cite This Technical Note

Woody, C., Ellison, R., & Ryan, C. (2019, March 7). Exploring the Use of Metrics for Software Assurance. (Technical Note CMU/SEI-2018-TN-004). Retrieved July 25, 2024, from https://doi.org/10.1184/R1/12366842.v1.

@techreport{woody_2019,
author={Woody, Carol and Ellison, Robert and Ryan, Charles},
title={Exploring the Use of Metrics for Software Assurance},
month={Mar},
year={2019},
number={CMU/SEI-2018-TN-004},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12366842.v1},
note={Accessed: 2024-Jul-25}
}

Woody, Carol, Robert Ellison, and Charles Ryan. "Exploring the Use of Metrics for Software Assurance." (CMU/SEI-2018-TN-004). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, March 7, 2019. https://doi.org/10.1184/R1/12366842.v1.

C. Woody, R. Ellison, and C. Ryan, "Exploring the Use of Metrics for Software Assurance," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2018-TN-004, 7-Mar-2019 [Online]. Available: https://doi.org/10.1184/R1/12366842.v1. [Accessed: 25-Jul-2024].

Woody, Carol, Robert Ellison, and Charles Ryan. "Exploring the Use of Metrics for Software Assurance." (Technical Note CMU/SEI-2018-TN-004). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 7 Mar. 2019. https://doi.org/10.1184/R1/12366842.v1. Accessed 25 Jul. 2024.

Woody, Carol; Ellison, Robert; & Ryan, Charles. Exploring the Use of Metrics for Software Assurance. CMU/SEI-2018-TN-004. Software Engineering Institute. 2019. https://doi.org/10.1184/R1/12366842.v1