A Common Sense Way to Make the Business Case for Software Assurance

Abstract

This article demonstrates how a true cost/benefit for secure software can be derived using three generic practice areas: (1) threat/risk understanding, (2) implementation of security requirements, and (3) operational security testing. Having an accurate cost for these aspects of the software assurance process would allow decision makers to make intelligent decisions about the level of investment they wish to make.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2013
Accession Number: AD1171179

Entities

People

  • Antonio Drommi
  • Dan Shoemaker
  • Jeff Ingalsbe
  • Jennifer M. Bailey
  • Nancy R. Mead

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Best Practices
  • Commerce
  • Computer Programming
  • Computer Programs
  • Costs
  • Economic Analysis
  • Economics
  • Engineering
  • Guarantees
  • Homeland Security
  • Investments
  • Life Cycles
  • Materials
  • National Security
  • Risk
  • Risk Analysis
  • Security
  • Software Assurance
  • Software Development
  • Specifications
  • Standards
  • Test And Evaluation
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Software Engineering.
  • Team-Based Human-Centered Cognitive Task Decision Making and Information Performance.