Abstract : When you are in charge of building software from the ground up, software security can be encouraged through the use of secure software development methodologies. However, how can you measure the security of a given piece of software that you didn’t write yourself? In other words, when looking at two executables, what does “a is more secure than b” mean? This paper examines some approaches to measuring software security, and reccommends that more organisations should employ the Building Security In Maturity Model (BSIMM).
Type de document :
Communication dans un congrès
Gerald Quirchmayr; Josef Basl; Ilsun You; Lida Xu; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Aug 2012, Prague, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-7465, pp.85-92, 2012, Multidisciplinary Research and Practice for Information Systems. 〈10.1007/978-3-642-32498-7_7〉
https://hal.inria.fr/hal-01542432
Contributeur : Hal Ifip
<>
Soumis le : lundi 19 juin 2017 - 17:01:11
Dernière modification le : lundi 19 juin 2017 - 17:03:26
Document(s) archivé(s) le : vendredi 15 décembre 2017 - 20:21:50
Martin Jaatun. Hunting for Aardvarks: Can Software Security Be Measured?. Gerald Quirchmayr; Josef Basl; Ilsun You; Lida Xu; Edgar Weippl. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Aug 2012, Prague, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-7465, pp.85-92, 2012, Multidisciplinary Research and Practice for Information Systems. 〈10.1007/978-3-642-32498-7_7〉. 〈hal-01542432〉
