Abstract
With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e. metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 18th International Conference on Computer Systems and Technologies |
| Editors | Boris Rachev, Angel Smrikarov |
| Publisher | ACM |
| Pages | 179-186 |
| ISBN (Print) | 978-1-4503-5234-5 |
| DOIs | |
| Publication status | Published - 22 Jun 2017 |
| Publication type | A4 Article in conference proceedings |
| Event | INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND TECHNOLOGIES - Duration: 1 Jan 1900 → … |
Conference
| Conference | INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND TECHNOLOGIES |
|---|---|
| Period | 1/01/00 → … |
Publication forum classification
- Publication forum level 1