https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
What do we know about software security evaluation?: A preliminary study
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0003-0165-3743
ICT SICS RISE Research Institutes of Sweden, Stockholm, Sweden.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.ORCID iD: 0000-0002-0401-1036
2018 (English)In: CEUR Workshop Proceedings, CEUR-WS , 2018, Vol. 2273, p. 44-51Conference paper, Published paper (Refereed)
Abstract [en]

—In software development, software quality is nowadays acknowledged to be as important as software functionality and there exists an extensive body-of-knowledge on the topic. Yet, software quality is still marginalized in practice: there is no consensus on what software quality exactly is, how it is achieved and evaluated. This work investigates the state-of-the-art of software quality by focusing on the description of evaluation methods for a subset of software qualities, namely those related to software security. The main finding of this paper is the lack of information regarding fundamental aspects that ought to be specified in an evaluation method description. This work follows up the authors’ previous work on the Property Model Ontology by carrying out a systematic investigation of the state-of-the-art on evaluation methods for software security. Results show that only 25% of the papers studied provide enough information on the security evaluation methods they use in their validation processes, whereas the rest of the papers lack important information about various aspects of the methods (e.g., benchmarking and comparison to other properties, parameters, applicability criteria, assumptions and available implementations). This is a major hinder to their further use.

Place, publisher, year, edition, pages
CEUR-WS , 2018. Vol. 2273, p. 44-51
Keywords [en]
Property model ontology, Software quality evaluation, Software security, Systematic review, Ontology, Quality control, Software design, Evaluation methods, Method descriptions, Property models, Security evaluation, Software functionality, Computer software selection and evaluation
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-41834Scopus ID: 2-s2.0-85058662257OAI: oai:DiVA.org:mdh-41834DiVA, id: diva2:1274028
Conference
6th International Workshop on Quantitative Approaches to Software Quality, QuASoQ 2018; Nara; Japan; 4 December 2018 through ; Code 142954
Available from: 2018-12-27 Created: 2018-12-27 Last updated: 2018-12-27Bibliographically approved

Open Access in DiVA

No full text in DiVA

Scopus

Authority records

Sentilles, SéverineCiccozzi, Federico

Search in DiVA

By author/editor
Sentilles, SéverineCiccozzi, Federico
By organisation
Embedded Systems
Computer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 23 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf