Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
What do we know about software security evaluation?: A preliminary study
Mälardalen University, Sweden.
RISE - Research Institutes of Sweden, ICT, SICS.ORCID iD: 0000-0002-5157-8131
Mälardalen University, Sweden.
2018 (English)In: CEUR Workshop Proceedings, CEUR-WS , 2018, p. 44-51Conference paper, Published paper (Refereed)
Abstract [en]

—In software development, software quality is nowadays acknowledged to be as important as software functionality and there exists an extensive body-of-knowledge on the topic. Yet, software quality is still marginalized in practice: there is no consensus on what software quality exactly is, how it is achieved and evaluated. This work investigates the state-of-the-art of software quality by focusing on the description of evaluation methods for a subset of software qualities, namely those related to software security. The main finding of this paper is the lack of information regarding fundamental aspects that ought to be specified in an evaluation method description. This work follows up the authors’ previous work on the Property Model Ontology by carrying out a systematic investigation of the state-of-the-art on evaluation methods for software security. Results show that only 25% of the papers studied provide enough information on the security evaluation methods they use in their validation processes, whereas the rest of the papers lack important information about various aspects of the methods (e.g., benchmarking and comparison to other properties, parameters, applicability criteria, assumptions and available implementations). This is a major hinder to their further use.

Place, publisher, year, edition, pages
CEUR-WS , 2018. p. 44-51
Keywords [en]
Property model ontology, Software quality evaluation, Software security, Systematic review, Ontology, Quality control, Software design, Evaluation methods, Method descriptions, Property models, Security evaluation, Software functionality, Computer software selection and evaluation
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:ri:diva-37313Scopus ID: 2-s2.0-85058662257OAI: oai:DiVA.org:ri-37313DiVA, id: diva2:1280179
Conference
6th International Workshop on Quantitative Approaches to Software Quality, QuASoQ 2018, 4 December 2018
Note

 Funding details: Sweden-America Foundation; Funding text 1: Part of the work is also supported by the Electronic Component Systems for European Leadership Joint Undertaking ACKNOWLEDGMENTS The work is supported by a research grant for the ORION project (reference number 20140218) from The Knowledge Foundation in Sweden.; Funding text 2: under grant agreement No 737422. This Joint Undertaking receives support from the European Unions Horizon 2020 research and innovation programme and Austria, Spain, Finland, Ireland, Sweden, Germany, Poland, Portugal, Netherlands, Belgium, Norway.

Available from: 2019-01-18 Created: 2019-01-18 Last updated: 2023-05-16Bibliographically approved

Open Access in DiVA

No full text in DiVA

Scopus

Authority records

Papatheocharous, Efi

Search in DiVA

By author/editor
Papatheocharous, Efi
By organisation
SICS
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 40 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf