Secured Release through an Agile Security Growth Framework  
Author: Saikath Bhattacharya

Co-Author(s): Laurie Williams; Munindar P. Singh

 

Abstract: Software development teams need to produce and assess secure software products so that they can perform critical functionality. Because no software product can ever be “perfectly secure,” development teams need to decide when a software product is “secure enough” to be released, that is, to make a decision on the product’s release readiness. The goal of this paper is to aid software practitioners in predicting whether a software product is “secure enough” to be released through the evolution and evaluation of software security growth models (SSGMs). In this paper, we adapt and evolve software reliability growth models (SRGMs) for the purpose of SSGM using empirical software vulnerability analysis. We quantitatively compare the quality of agile software versions by comparing the security correction and detection process over testing time and software testing cost. The framework is generic enough to incorporate software vulnerability data into different time frames and multiple agile software versions. We evaluated our SSGM using data from Google Chromium, which uses an agile process with releases every 50 days.

 

Keywords: Software Security, Software Reliability Growth Model, Software Release Readiness, Agile Process, Software Security Growth Model
   
Article #: RQD2024-6
 

Proceedings of 29th ISSAT International Conference on Reliability & Quality in Design
August 8-10, 2024