Information security models and metrics
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Temporal metrics for software vulnerabilities
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
A comparison of software design security metrics
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
EVMAT: an OVAL and NVD based enterprise vulnerability modeling and assessment tool
Proceedings of the 49th Annual Southeast Regional Conference
Scalable trust establishment with software reputation
Proceedings of the sixth ACM workshop on Scalable trusted computing
A multi-layer tree model for enterprise vulnerability management
Proceedings of the 2011 conference on Information technology education
| Hi-index | 0.02 |
Security metrics for software products provide quantitative measurement for the degree of trustworthiness for software systems. This paper proposes a new approach to define software security metrics based on vulnerabilities included in the software systems and their impacts on software quality. We use the Common Vulnerabilities and Exposures (CVE), an industry standard for vulnerability and exposure names, and the Common Vulnerability Scoring System (CVSS), a vulnerability scoring system designed to provide an open and standardized method for rating software vulnerabilities, in our metric definition and calculation. Examples are provided in the paper, which show that our definition of security metrics is consistent with the common practice and real-world experience about software quality in trustworthiness.