icon-carat-right menu search cmu-wordmark

Models for Assessing the Cost and Value of Software Assurance

White Paper
In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
Publisher

Software Engineering Institute

Abstract

It is not enough to simply estimate the cost of doing secure software assurance: you must also justify it from a value perspective.  This paper presents IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes. These models can be categorized into four initial types: investment based, cost based, environmental/contextual, and quantitative estimation. However, the general conclusion is that there are only two valid ways to approach valuation of the secure software assurance process: quantitative and environmental.