When attacking a software system is only as difficult as it is to obtain a vulnerability to exploit, the security strength of that system is equivalent to the market price of such a vulnerability. In this dissertation I show how security strength can be measured using market means, how these strength measures can be applied to create models that forecast the security risk facing a system, and how the power of markets can also be unleashed to increase security strength throughout the software development process. In short, I provide the building blocks required for a comprehensive, quantitative approach to increasing security strength and reducing security risk. The importance of quantifying..
Limited resources preclude software engineers from finding and fixing all vulnerabilities in a softw...
Evaluating the software assurance of a product as it functions within a specific system context invo...
This thesis provides empirical metrics for different vectors for vulnerability introduction, with a ...
The high amount of trust put into today's software systems calls for a rigorous analysis of their...
While it is widely agreed that contemporary computer security is insufficient to meet the challenges...
Employing a design solution can satisfy some requirements while having negative side-effects on some...
While the importance of security has long been recognised, research efforts aimed at finding a solut...
Security involves making sure the good guys get in and the bad guys stay out. Throughout the develop...
We present a simple information security model to determine why, historically, the level of security...
Software security is increasing in importance, linearly with vulnerabilities caused by software flaw...
This paper addresses the challenge of measuring security, understood as a system property, of cyberp...
In this paper, basic issues of measuring security as a system property are discussed. While traditi...
Measurement is one of the foundations of sound engineering practices, because, as Tom DeMarco put it...
Meaningful metrics and methods for measuring software security would greatly improve the security of...
When it comes to non-trivial networked computer systems, bulletproof security is very hard to achiev...