Exploring the Use of Metrics for Software Assurance

Abstract

The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition programs current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed software-reliant systems. This report proposes measurements for each SAF practice that a program can select to monitor and manage the progress its making toward software assurance. Metrics are needed to determine how effectively a practice is performed and how well software assurance is addressed. This report presents an approach for determining which SAF practices should be measured and how. It provides acquirers, program managers, and contractors with an approach for using metrics to establish confidence that the systems they plan to field will have sufficient software assurance.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2018
Accession Number
AD1084506

Entities

People

  • Carol C. Woody
  • Charlie Ryan
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Acquisition
  • Classification
  • Computer Programming
  • Computer Programs
  • Contractors
  • Cybersecurity
  • Engineering
  • National Security
  • Reliability
  • Risk Analysis
  • Software Design
  • Software Development
  • Software Metrics
  • Software Testing
  • Supply Chain
  • Systems Engineering
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Defense Acquisition Program Management
  • Electromagnetic Wave Scattering and Antenna Radiation Engineering
  • Software Engineering.

Technology Areas

  • Cyber