Research Article

Article: The Applicability of Existing Metrics for Software Security

by Sree Ram Kumar T, Sumithra A, Alagarsamy K
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 8 - Number 2
Year of Publication: 2010
DOI: 10.5120/1184-1638

Sree Ram Kumar T, Sumithra A, Alagarsamy K. Article: The Applicability of Existing Metrics for Software Security. International Journal of Computer Applications. 8, 2 (October 2010), 29-33. DOI=10.5120/1184-1638

@article{ 10.5120/1184-1638,
author = { Sree Ram Kumar T, Sumithra A, Alagarsamy K },
title = { Article:The Applicability of Existing Metrics for Software Security },
journal = { International Journal of Computer Applications },
issue_date = { October 2010 },
volume = { 8 },
number = { 2 },
month = { October },
year = { 2010 },
issn = { 0975-8887 },
pages = { 29-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume8/number2/1184-1638/ },
doi = { 10.5120/1184-1638 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

As people increasingly rely on software systems for most purposes, software engineers face a major challenge: the engineering of secure software systems. The concept of “Computer Security” is being heavily researched, which makes perfect sense in a world where e-commerce and e-governance are becoming the norm. Along with their potential for making life easier and smarter for people, these systems also carry with them the danger of insecurity. Because any software system is the outcome of some software engineering process, it makes sense to incorporate security considerations during the software engineering processes. This is easier said than done, because traditional software engineering approaches are requirements driven and pay very little, if any, attention to security. Tom DeMarco [1] stated, “You can’t control what you can't measure.” This clearly states the importance of metrics in software engineering. Traditional software metrics do not address the issue of security well, and now that security is becoming an imperative necessity for most software systems, these metrics have to be adapted to take the security aspect into account. The paper discusses the applicability of some established metrics to the security aspect.

References
  1. http://en.wikipedia.org/wiki/Software_metrics
  2. Rubin, H. A. “Macro-Estimation of Software Development Parameters: The ESTIMACS System.” Proc. SOFTFAIR: A Conference on Software Development Tools, Techniques, and Alternatives. New York: IEEE, July 1983, 109-118.
  3. Mills, Everald E, “Software Metrics SEI Curriculum module SEI – CM – 12 – 1.1”, Carnegie Mellon University, Software Engineering Institute, December, 1988.
  4. SSE-CMM: Systems Security Engineering Capability Maturity Model, International Systems Security Engineering Association (ISSEA), referenced on July 7, 2008, http://www.sse-cmm.org/metric/metric.asp
  5. Chess, Brian, “Metrics That Matter – Quantifying Software Security Risk”, Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, National Institute of Standards And Technology, February 2006.
  6. Boehm, B. W. “Software Engineering Economics”, Englewood Cliffs, N. J.: Prentice-Hall, 1981.
  7. Jones, T. C. “Programming Productivity”, New York: McGraw-Hill, 1986.
  8. Myers, G. J. “An Extension to Cyclomatic Measure Of Program Complexity”, ACM SIGPLAN Notices 12, 10 (Oct. 1977), 61-64.
  9. Stetter, F. “A Measure of Program Complexity”, Computer Languages 9, 3-4 (1984), 203-208.
  10. Woodward, M. R., M. A. Hennell, and D. Hedley. “A Measure of Control Flow Complexity in Program Text”, IEEE Trans. Software Eng. SE-5, 1 (Jan. 1979), 45-50.
  11. Kafura, D. and S. Henry. “Software Quality Metrics Based on Interconnectivity”, J. Syst. and Software 2, 2 (June 1981), 121-131.
  12. Halstead, M. H. “Elements of Software Science”, New York: Elsevier North-Holland, 1977.
  13. Boehm, B. W., J. R. Brown, and M. Lipow, “Quantitative Evaluation of Software Quality”, Proc. 2nd Intl. Conf. On Software Engineering, Long Beach, Calif.: IEEE Computer Society, Oct. 1976, 592-605.
  14. McCall, J. A., P. K. Richards, and G. F. Walters, “Factors in Software Quality, Vol. I, II, III: Final Tech. Report.”, RADC-TR-77-369, Rome Air Development Center, Air Force Systems Command, Griffiss Air Force Base, N. Y., 1977.
  15. Littlewood Bev, Brocklehurst Sarah, Fenton Norman, Mellor Peter, Wright David, Dobson John, McDermid John, Gollmann Dieter, “Towards Operational Measures of Computer Security”, http://www.csr.city.ac.uk/people/bev.littlewood/bl_public_papers/Measurement_of_security/Quantitative_security.pdf
  16. Jansen, Wayne, “Directions in Security Metrics Research”, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD, April 2009.
  17. Ferrari, D. “Considerations on the Insularity of Performance Evaluation”, IEEE Trans. Software Eng. SE-12, 6 (June 1986), 678-683.
Index Terms

Computer Science
Information Sciences

Keywords

Metrics, Security, Security Metrics, Size Metrics, Complexity Metrics