Predicting Software Assurance Using Quality and Reliability Measures

January 29, 2015 • Podcast

By

Bill Nichols and Carol Woody

In this podcast, the authors discuss how a combination of software development and quality techniques can improve software security.

Publisher

Software Engineering Institute

Subjects

Software Assurance

Listen

Abstract

Security vulnerabilities are defects that enable an external party to compromise a system. Our research indicates that improving software quality by reducing the number of errors also reduces the number of vulnerabilities and hence improves software security. Some portion of security vulnerabilities (maybe over half of them) are also quality defects. Can quality defect models that predict quality results be applied to security to predict security results? Simple defect models focus on an enumeration of development errors after they have occurred and do not relate directly to operational security vulnerabilities, except when the cause is quality related. In this podcast, Carol Woody and Bill Nichols discuss how a combination of software development and quality techniques can improve software security.

About the Speaker

Bill Nichols

William "Bill" Nichols joined the SEI in 2006 as a senior member of the technical staff and served as a Personal Software Process (PSP) instructor and Team Software Process (TSP) coach. Before joining the SEI, Nichols led a software-development team at the Bettis Laboratory near Pittsburgh, where he had been …

Carol Woody

Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system and software engineering. CSE is building capabilities in defining, acquiring, …

Software Engineering Institute