Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 20

Building Trust in the Security of Software
The structural quality analyses were performed by detecting and counting violations of over 1,200 rules of good architectural and coding practice in the areas of Robustness, Security, Performance, Changeability, and Transferability. Each of these five Health Factors is defined in Table B-1. Using static analysis to evaluate an application for violations of structural quality rules is critical since they are difficult to detect through standard testing [16]. Structural quality weaknesses are the flaws most likely to cause operational problems such as outages, performance degradation, unauthorized access, or data corruption. CRASH reports provide an objective, empirical foundation for discussing the structural quality of software applications throughout industry and government.
Health Factor | Definition
Robustness | Robustness measures the likelihood of outages, the difficulty of recovery and the possibility of data corruption linked to poor coding practices (the equivalent of Reliability).
Security | Security measures violations of secure coding practices that allow unauthorized entry, deceptive interactions, theft of data, or breach of confidentiality.
Performance Efficiency | Efficiency measures the likelihood of potential performance degradation and inefficient use of resources such as processors, memory and networks linked to poor coding practices.
Changeability | Changeability measures the difficulty of modifying applications, adding features, correcting errors, or changing the application's environment.
Transferability | Transferability measures the difficulty of understanding the application and becoming productive in working with it, thus the difficulty of transferring work.
Table B-1: Health factor definitions.
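The following is an added illustration, not code from the CRASH report or the Journal of Innovation, of what "detecting and counting violations of rules of good practice" by static analysis looks like in practice: a small scanner over Python source that checks a handful of constructed rules, tags each hit with the Health Factor from Table B-1 it belongs to, and produces a per-factor count. The six rules, the secret-name list and the sample source are assumptions made for the example; they are not the 1,200 rules the report refers to.

```python
"""Toy structural-quality scanner: static analysis that detects and counts
rule violations and groups them under the Health Factors of Table B-1.
Added example; the rule catalogue below is constructed for illustration."""
import ast
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    rule: str
    factor: str
    line: int


# Constructed rule catalogue: rule id -> Health Factor it is charged to.
RULES = {
    "bare-except": "Robustness",
    "eval-call": "Security",
    "hardcoded-secret": "Security",
    "string-concat-in-loop": "Performance Efficiency",
    "long-parameter-list": "Changeability",
    "missing-docstring": "Transferability",
}
SECRET_NAMES = ("password", "secret", "token", "api_key")  # assumed list
MAX_PARAMS = 5


class RuleVisitor(ast.NodeVisitor):
    """Walks the AST once and records every rule violation it sees."""

    def __init__(self):
        self.violations = []
        self._loop_depth = 0

    def _flag(self, rule, node):
        self.violations.append(Violation(rule, RULES[rule], node.lineno))

    def visit_ExceptHandler(self, node):
        if node.type is None:  # `except:` swallows every error, hiding outages
            self._flag("bare-except", node)
        self.generic_visit(node)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id == "eval":
            self._flag("eval-call", node)
        self.generic_visit(node)

    def visit_Assign(self, node):
        # A string literal assigned to a secret-looking name.
        for target in node.targets:
            if (isinstance(target, ast.Name)
                    and target.id.lower() in SECRET_NAMES
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                self._flag("hardcoded-secret", node)
        self.generic_visit(node)

    def visit_For(self, node):
        self._loop_depth += 1
        self.generic_visit(node)
        self._loop_depth -= 1

    visit_While = visit_For

    def visit_AugAssign(self, node):
        # `x += "..."` or `x += f"..."` inside a loop: quadratic string building.
        if (self._loop_depth and isinstance(node.op, ast.Add)
                and isinstance(node.value, (ast.Constant, ast.JoinedStr))):
            self._flag("string-concat-in-loop", node)
        self.generic_visit(node)

    def visit_FunctionDef(self, node):
        if len(node.args.args) > MAX_PARAMS:
            self._flag("long-parameter-list", node)
        if ast.get_docstring(node) is None:
            self._flag("missing-docstring", node)
        self.generic_visit(node)


def scan(source: str) -> dict:
    """Parse `source`, collect violations, and count them per Health Factor."""
    visitor = RuleVisitor()
    visitor.visit(ast.parse(source))
    counts = Counter(v.factor for v in visitor.violations)
    # Report every factor, including those with zero violations.
    per_factor = {f: counts.get(f, 0) for f in sorted(set(RULES.values()))}
    return {"violations": visitor.violations, "per_factor": per_factor}


# Constructed sample input exercising each rule once (Security twice).
SAMPLE = '''
password = "example-only"
def load(a, b, c, d, e, f):
    try:
        return eval(a)
    except:
        return None
def join(items):
    """Join items with commas."""
    out = ""
    for i in items:
        out += f"{i},"
    return out
'''

if __name__ == "__main__":
    report = scan(SAMPLE)
    for v in report["violations"]:
        print(f"line {v.line}: {v.rule} [{v.factor}]")
    print(report["per_factor"])
```

Run as a script it lists the six findings with their line numbers and prints a count per factor; the structure (rule catalogue mapped to factors, one AST pass, per-factor aggregation) is the part worth noticing, since a real tool differs mainly in the size and rigour of its rule set.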
Journal of Innovation 15