Dependability analysis of SSE based on parametric estimation

Software Security Evaluation (SSE) is an important activity for information security assurance. While the exiting SSE is very lack of dependability information for evaluation conclusion. In this paper, confidence measure was chosen as the indicator of dependability, and a quantitative analysis method based on parametric estimation theory was proposed. First, SSE conclusion was modeled as a stochastic variable conforms to the normal distribution. Second, confidence measure computing equation by big samples was given based on traditional mathematical statistics. Finally, to improve the practicability of the analysis method, the small samples situation was considered, and the confidence measure computing method was present based on Bayes statistics. This dependability analysis method is suit for SSE system which conclusion is explicit value. And it can bring confidence information of SSE to all the stakeholders of the target software for scientific decisions.