Software Engineering Institute

This article discusses how measurement can be applied to software development processes and work products to monitor and improve the security characteristics of the software being developed. It is aimed at practitioners—designers, architects, requirements specialists, coders, testers, and managers—who desire guidance as to the best way to approach measurement for secure development. It does not address security measurements of system or network operations.