Measurement & Business Case Working Group
Activities
Current Activities
- Practical Measurement Framework for Software Assurance and Information Security Version 1.0 is available for review. The framework provides an approach for measuring the effectiveness of achieving Software Assurance (SwA) goals and objectives at an organizational, program, or project level. It addresses how to assess the degree of assurance provided by software, using quantitative and qualitative methodologies and techniques. This framework incorporates existing measurement methodologies and is intended to help organizations and projects integrate SwA measurement into their existing programs. Organizations can use the common measurement framework to implement SwA and security measurement at the desired organizational level, tailor it to the organizational stakeholders, and integrate it into existing measurement and risk management activities. The document provides example stakeholder goals and measures, as well as a generic measurement process, to help organizations get started with SwA measurement.
If you wish to comment on the document, please use the comment form and send comments to software.assurance [at] dhs.gov with the subject line "SwA Measurement Framework comments."
- Creating a set of resources for the Web site targeting three primary stakeholder groups: Executive, Developer/Vendor/Supplier, Buyer/Acquirer
  - Goals and questions lists
  - Sources of measurable requirements
  - Articles on SwA measurement, security measurement, and software security measurement
  - Measurement methodologies
  - Measures lists
  - Measures examples with filled out specs/templates and crosswalks of multiple methodologies
  - Automated tools listings
Planned Activities
- Collaborate with other working groups to ensure integration of measurement as appropriate
- Collect, validate, and continue publishing measurement resources (e.g., measures examples and articles of interest)
Expected Outcome
- Guidance is published to the community for review, comment, and validation
- Measurement resources are organized and published for community use
- Measurement resources (e.g., measures examples and articles of interest) are continuously collected, vetted, and published for use by the community
- Measurement is integrated into the work of the SwA Forum working groups: Acquisition; Business Case; Education and Training; Processes and Practices; and Technology and Tools