Making the Business Case for Software Assurance

This report provides guidance for those who want to make the business case for building software assurance into software products during each software development life-cycle activity. The business case defends the value of making additional efforts to ensure that software has minimal security risks when it is released and shows that those efforts are most cost-effective when they are made appropriately throughout the development life cycle. Although there is no single model that can be recommended for making the cost/benefit argument, there are promising models and methods that can be used individually and collectively for this purpose, as well as some convincing case study data that supports the value of building software assurance into newly developed software. These are described in this report.

The report includes a discussion of the following topics as they relate to the business case for software assurance: cost/benefit models, measurement, risk, prioritization, process improvement, globalization, organizational development, and case studies. These topics were selected based on earlier studies and collaborative efforts, as well as the workshop "Making the Business Case for Software Assurance," which was held at Carnegie Mellon University in September 2008.

Authors

Nancy R. Mead

Julia H. Allen

W. Arthur Conklin

Antonio Drommi

John Harrison

Jeff Ingalsbe (University of Detroit Mercy)

James Rainey

Dan Shoemaker (University of Detroit Mercy)

This report is related to the following area(s) of work:

Security and Survivability
Software Assurance

Special Report
CMU/SEI-2009-SR-001
April 2009

Cite This Report

SEI:

Mead, Nancy; Allen, Julia; Conklin, W.; Drommi, Antonio; Harrison, John; Ingalsbe, Jeff; Rainey, James; & Shoemaker, Dan. Making the Business Case for Software Assurance (CMU/SEI-2009-SR-001). Software Engineering Institute, Carnegie Mellon University, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09sr001.cfm

IEEE:

N. Mead, J. Allen, W. Conklin, A. Drommi, J. Harrison, J. Ingalsbe, J. Rainey, and D. Shoemaker, "Making the Business Case for Software Assurance," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Special Report CMU/SEI-2009-SR-001, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09sr001.cfm

APA:

Mead, N., Allen, J., Conklin, W., Drommi, A., Harrison, J., Ingalsbe, J., Rainey, J., & Shoemaker, D. (2009). Making the Business Case for Software Assurance (CMU/SEI-2009-SR-001). Retrieved May 19, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/09sr001.cfm

CHI:

Mead, Nancy, Julia Allen, W. Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe, James Rainey, and Dan Shoemaker. Making the Business Case for Software Assurance (CMU/SEI-2009-SR-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2009. http://www.sei.cmu.edu/library/abstracts/reports/09sr001.cfm

MLA:

Mead, N., Allen, J., Conklin, W., Drommi, A., Harrison, J., Ingalsbe, J., Rainey, J., & Shoemaker, D. 2009. Making the Business Case for Software Assurance (Technical Report CMU/SEI-2009-SR-001). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/09sr001.cfm
