This paper introduces a model for rating software security based on the ISO 25010 standard for software product quality. To rate software security, the authors define eleven system properties, which reflect how a typical software product addresses the confidentiality, integrity, non-repudiation, accountability and authenticity. The paper presents these properties, how to rate them, and how to aggregate the ratings.
展开▼