Predicting Software Assurance Using Quality and Reliability Measures
• Technical Note
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2014-TN-026DOI (Digital Object Identifier)
10.1184/R1/6582113.v1Abstract
Security vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. This report includes security analysis based on data the Software Engineering Institute (SEI) has collected over many years for 100 software development projects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. This report discusses how a combination of software development and quality techniques can improve software security.
Cite This Technical Note
Woody, C., Ellison, R., & Nichols, B. (2014, December 22). Predicting Software Assurance Using Quality and Reliability Measures. (Technical Note CMU/SEI-2014-TN-026). Retrieved December 22, 2024, from https://doi.org/10.1184/R1/6582113.v1.
@techreport{woody_2014,
author={Woody, Carol and Ellison, Robert and Nichols, Bill},
title={Predicting Software Assurance Using Quality and Reliability Measures},
month={{Dec},
year={{2014},
number={{CMU/SEI-2014-TN-026},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6582113.v1},
note={Accessed: 2024-Dec-22}
}
Woody, Carol, Robert Ellison, and Bill Nichols. "Predicting Software Assurance Using Quality and Reliability Measures." (CMU/SEI-2014-TN-026). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 22, 2014. https://doi.org/10.1184/R1/6582113.v1.
C. Woody, R. Ellison, and B. Nichols, "Predicting Software Assurance Using Quality and Reliability Measures," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-026, 22-Dec-2014 [Online]. Available: https://doi.org/10.1184/R1/6582113.v1. [Accessed: 22-Dec-2024].
Woody, Carol, Robert Ellison, and Bill Nichols. "Predicting Software Assurance Using Quality and Reliability Measures." (Technical Note CMU/SEI-2014-TN-026). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 22 Dec. 2014. https://doi.org/10.1184/R1/6582113.v1. Accessed 22 Dec. 2024.
Woody, Carol; Ellison, Robert; & Nichols, Bill. Predicting Software Assurance Using Quality and Reliability Measures. CMU/SEI-2014-TN-026. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6582113.v1