
Deriving Software Security Measures from Information Security Standards of Practice

White Paper
In this paper, the authors describe an approach for deriving measures of software security from common standard practices for information security.
Publisher

Software Engineering Institute

Abstract

This white paper describes an approach for deriving measures of software security from well-established and commonly used standard practices for information security. This work was performed as part of the Software Engineering Institute's Software Security Measurement and Analysis (SSMA) project. It is an initial demonstration of how SSMA-defined software security drivers can be used in concert with practices and standards to derive meaningful measures of software security.