What do we know about software security evaluation?: A preliminary study
2018 (English)In: CEUR Workshop Proceedings, CEUR-WS , 2018, p. 44-51Conference paper, Published paper (Refereed)
Abstract [en]
—In software development, software quality is nowadays acknowledged to be as important as software functionality and there exists an extensive body-of-knowledge on the topic. Yet, software quality is still marginalized in practice: there is no consensus on what software quality exactly is, how it is achieved and evaluated. This work investigates the state-of-the-art of software quality by focusing on the description of evaluation methods for a subset of software qualities, namely those related to software security. The main finding of this paper is the lack of information regarding fundamental aspects that ought to be specified in an evaluation method description. This work follows up the authors’ previous work on the Property Model Ontology by carrying out a systematic investigation of the state-of-the-art on evaluation methods for software security. Results show that only 25% of the papers studied provide enough information on the security evaluation methods they use in their validation processes, whereas the rest of the papers lack important information about various aspects of the methods (e.g., benchmarking and comparison to other properties, parameters, applicability criteria, assumptions and available implementations). This is a major hinder to their further use.
Place, publisher, year, edition, pages
CEUR-WS , 2018. p. 44-51
Keywords [en]
Property model ontology, Software quality evaluation, Software security, Systematic review, Ontology, Quality control, Software design, Evaluation methods, Method descriptions, Property models, Security evaluation, Software functionality, Computer software selection and evaluation
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:ri:diva-37313Scopus ID: 2-s2.0-85058662257OAI: oai:DiVA.org:ri-37313DiVA, id: diva2:1280179
Conference
6th International Workshop on Quantitative Approaches to Software Quality, QuASoQ 2018, 4 December 2018
Note
Funding details: Sweden-America Foundation; Funding text 1: Part of the work is also supported by the Electronic Component Systems for European Leadership Joint Undertaking ACKNOWLEDGMENTS The work is supported by a research grant for the ORION project (reference number 20140218) from The Knowledge Foundation in Sweden.; Funding text 2: under grant agreement No 737422. This Joint Undertaking receives support from the European Unions Horizon 2020 research and innovation programme and Austria, Spain, Finland, Ireland, Sweden, Germany, Poland, Portugal, Netherlands, Belgium, Norway.
2019-01-182019-01-182023-05-16Bibliographically approved