An Open-Source Tool to Support the Quantitative Assessment of Cyber Security for Software Intensive System Acquisition

Abstract:

This paper presents an open-source tool to support the quantitative assessment of software reliability and cyber security. The tool enables assessment of a system’s security from penetration-testing data and can be used to estimate the number of vulnerabilities remaining. This approach will enable organisations that acquire software to establish quantitative requirements for inclusion in contracts, thereby providing clear requirements for software and system developers to meet. The tool will enable contractors to regularly assess the security of their software, which will facilitate the identification and reporting of programs that may fail to achieve contractually specified security objectives.


AUTHORS

Image of Vidhyashree Nagaraju

Department of Electrical and Computer Engineering University of Massachusetts
Dartmouth, MA, U.S.A.

Vidhyashree Nagaraju is a doctoral student in the Department of Electrical & Computer Engineering at the University of Massachusetts Dartmouth, where she earned her master’s degree in 2015. She earned her bachelor’s degree in Electronics and Communication Engineering from Visvesvaraya Technological University in India in 2011.

Photo of Dr. Lance Fiondella

Department of Electrical and Computer Engineering University of Massachusetts
Dartmouth, MA, U.S.A.

Dr. Lance Fiondella is an Assistant Professor in the Department of Electrical & Computer Engineering at the University of Massachusetts Dartmouth. He earned a doctorate in Computer Science & Engineering in 2012 from the University of Connecticut. From 2013-2015, he served as vice-chair  of  the  Institute  of  Electrical  and Electronics Engineers’ (IEEE) Standard 1633, IEEE Recommended Practice on Software Reliability. He is  an  elected  member  of  the  Administrative Committee of the  IEEE Reliability Society (2015- 2017)  and  has  published  more  than  100  peer- reviewed journal articles and conference papers on topics related to reliability and risk analysis.

Photo of Dr. Thierry Wandji

Naval Air Systems Command Patuxent River, MD
U.S.A.

Dr. Thierry Wandji is the Systems/Software Technical Lead Engineer at the Naval Air Systems Command in Patuxent River, Maryland. He earned a doctorate in Systems Engineering (with a research focus in Software Reliability Modelling) from George Washington University in 2015. He is a member of the National Society of Black Engineers (NSBE), the Institute of Electrical and Electronics Engineers (IEEE), the International Council on Systems Engineering (INCOSE), and the IEEE’s Electromagnetic Compatibility Society (EMC).

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com