Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 7

Building Trust in the Security of Software
CONTENTS
1 Can You Trust Software..................................................................................................... 3
1.1 Can Software be Certified Secure? .......................................................................... 3
1.2 Some Help: ISO 5055:2021 ...................................................................................... 3
2 Trusting the Process.......................................................................................................... 4
2.1 Process Standards .................................................................................................. 4
2.2 Maturity Models ..................................................................................................... 6
2.3 Compliance Syndrome and Culture ......................................................................... 7
3 Trusting the Developers ............................................................................................. 8
4 Trusting the Software ................................................................................................ 9
5 Conclusion ................................................................................................................ 11
6 References ................................................................................................................ 11
7 Acknowledgements .................................................................................................... 13
Annex A ........................................................................................................................ 13
A.1 Common Weakness Enumeration Repository ........................................................... 13
Annex B............................................................................................................................... 14
B.1 Appmarq Repository .............................................................................................. 14
B.2 CRASH Reports ..................................................................................................... 14
TABLES
Table 2-1: Opportunities to use ISO/IEC 5055 in the context of NIST's Cybersecurity Framework .......... 6
Table 2-2: Maturity level growth to improve the delivery of secure products ................................... 6
Table 4-1: Descriptive statistics for security weaknesses per KLOC by language ............................. 10
Table 4-2: Comparison of security weaknesses per KLOC for differences in shore and source by language ..... 11
2 May 2025