  • DocumentCode
    127010
  • Title
    Prospects for software security growth modeling
  • Author
    Daughtrey, Taz
  • Author_Institution
    Quanterion Solutions, Inc., Lynchburg, VA, USA
  • fYear
    2014
  • fDate
    27-30 Jan. 2014
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Modern society depends on the continuing correct operation of software-based systems. Critical infrastructures - including energy, communication, transportation, and finance - all function within powerful and complex computing environments. The dependability of these systems is increasingly threatened by a wide range of adversaries, and increasing investments are being made to provide and assess sufficient security for these systems. Engineering and business decisions have to be made in response to questions such as: “How secure does this system have to be?” “What kinds and amounts of development and appraisal activities should be funded?” “Is the system ready to be placed into operation?” Software quality engineering has addressed similar issues for other product attributes. In particular, there is a considerable body of experience with techniques and tools for specifying and measuring software reliability. Much effort has gone into modeling the improvement in software reliability during development and testing. An analogous approach to security growth modeling would quantify how the projected security of a system increases with additional detection and removal of software vulnerabilities. Such insights could guide allocation of resources during development and ultimately assist in making the decision to release the product. This paper will first summarize software reliability engineering and its use of software reliability growth modeling before considering potential analogies in software security engineering and software security growth modeling. After describing several limitations in either type of modeling, the role of risk management will be considered.
  • Keywords
    risk management; security of data; software reliability; business decision; communication infrastructure; computing environments; energy infrastructure; engineering decision; finance infrastructure; resource allocation; risk management; software quality engineering; software reliability engineering; software reliability growth modeling; software security engineering; software security growth modeling; software vulnerabilities; software-based systems; transportation infrastructure; Computational modeling; Data models; Security; Software; Software reliability; Testing; reliability growth; security; software quality; software reliability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Reliability and Maintainability Symposium (RAMS), 2014 Annual
  • Conference_Location
    Colorado Springs, CO
  • Print_ISBN
    978-1-4799-2847-7
  • Type
    conf
  • DOI
    10.1109/RAMS.2014.6798453
  • Filename
    6798453