A Stake Holder Based Model for Software Security Metrics
It is common wisdom that any process that cannot be measured cannot be managed. This applies to security as well. Security metrics are assuming tremendous importance as they are vital for assessing the current security status, to develop operational best practices and for guiding future security research. This topic is very relevant at a time when organizations are coming under increasing pressure requiring them to demonstrate due assiduousness when protecting the data assets of themselves and their customers. In these circumstances metrics can give the organizations a way to prioritize threats and vulnerabilities and the risks they pose to enterprise information assets. This paper propounds a stakeholder based model of security metrics.
Keywords: Common Vulnerability Scoring System, Security Metrics, Stake holder
Download Full-Text
