Principles and Measurement Models for Software Assurance
Ensuring and sustaining software product integrity requires that all project stakeholders share a common understanding of the status of the product throughout the development and sustainment processes. Accurately measuring the product's status helps achieve this shared understanding. This paper presents an effective measurement model organized by seven principles that capture the fundamental managerial and technical concerns of development and sustainment. These principles guided the development of the measures presented in the paper. Data from the quantitative measures help organizational stakeholders make decisions about the performance of their overall software assurance processes. Complementary risk-based data help them make decisions relative to the assessment of risk. The quantitative and risk-based measures form a comprehensive model to assess program and organizational performance. An organization using this model will be able to assess its performance to ensure secure and trustworthy products.