What do we know about software security evaluation?: A preliminary study
2018 (English)In: CEUR Workshop Proceedings, CEUR-WS , 2018, Vol. 2273, p. 44-51Conference paper, Published paper (Refereed)
Abstract [en]
—In software development, software quality is nowadays acknowledged to be as important as software functionality and there exists an extensive body-of-knowledge on the topic. Yet, software quality is still marginalized in practice: there is no consensus on what software quality exactly is, how it is achieved and evaluated. This work investigates the state-of-the-art of software quality by focusing on the description of evaluation methods for a subset of software qualities, namely those related to software security. The main finding of this paper is the lack of information regarding fundamental aspects that ought to be specified in an evaluation method description. This work follows up the authors’ previous work on the Property Model Ontology by carrying out a systematic investigation of the state-of-the-art on evaluation methods for software security. Results show that only 25% of the papers studied provide enough information on the security evaluation methods they use in their validation processes, whereas the rest of the papers lack important information about various aspects of the methods (e.g., benchmarking and comparison to other properties, parameters, applicability criteria, assumptions and available implementations). This is a major hinder to their further use.
Place, publisher, year, edition, pages
CEUR-WS , 2018. Vol. 2273, p. 44-51
Keywords [en]
Property model ontology, Software quality evaluation, Software security, Systematic review, Ontology, Quality control, Software design, Evaluation methods, Method descriptions, Property models, Security evaluation, Software functionality, Computer software selection and evaluation
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-41834Scopus ID: 2-s2.0-85058662257OAI: oai:DiVA.org:mdh-41834DiVA, id: diva2:1274028
Conference
6th International Workshop on Quantitative Approaches to Software Quality, QuASoQ 2018; Nara; Japan; 4 December 2018 through ; Code 142954
2018-12-272018-12-272018-12-27Bibliographically approved