Application Security/Software Assurance
Security Congress Abstract
Defective software is insecure. We demonstrate that when software development teams make quality and vulnerability reduction their top two team goals, and follow up by collecting and analyzing “vital few” product and process metrics to track progress against those goals, they consistently delight customers by delivering software with no more than one vulnerability per 100 KSLOC. We substantiate this with more than 10 years of real project data. Disciplined practices are discussed, including putting the highest-quality code into test, collecting and analyzing precise and accurate “vital few” size, effort, and defect data, and self-management. Specific measures and metrics for improving quality and reducing cybersecurity vulnerabilities are presented, including a summary of proven transformational management practices that produce software that is secure against cyber-attacks.