Making Security and Trust Measurable

Background: To be or not to be secure. In theory, security is binary. But in practice 100% security does not exist. Instead, security is a continuous battle on many fronts where improvements are obtained gradually. To support such gradual security improvement, we need to be able to measure current security on a continuous scale. But how? The Software Improvement Group has developed multiple security metrics and bundled them in rating mechanisms for software products and processes.

Goals: In this project, you will extend the SIG security ratings with new measurements in order to capture new aspects of security, or to make the current metrics more precise or more repeatable. You will study the statistical behaviour of these metrics, test their strengths and weaknesses, and provide us with recommendations on how to integrate and use them. Moreover, you will explore the relation between these metrics and trust.