Tag Archives: security requirements

Measurement and Metrics in Secure Software Development: CMMI & ISO/IEC 15939

Measurement and metrics play a crucial role in improving the security characteristics of software during the development process. This article explores the importance of security metrics and provides guidance on software measurement and analysis based on industry standards such as ISO/IEC 15939 and CMMI. It highlights the key practices for aligning measurement objectives with organizational goals and performing effective measurement and analysis activities. The article emphasizes the significance of addressing security concerns throughout the measurement process and offers insights into formulating measurement objectives to achieve security requirements. Additionally, it provides examples of analytical questions that can help assess vulnerabilities, compliance with security processes, and the identification of critical modules. By implementing these measurement practices, organizations can enhance their software development process to effectively incorporate security requirements. The article emphasizes the need for simplicity in measurements while meeting the information needs of the stakeholders