IIC Journal of Innovation 20th Edition Trustworthy July 2022, 20th Edition | Page 45

Measuring the Trustworthiness of Software

4 STRUCTURE AND CALCULATION OF ISO 5055 MEASURES

The two ISO 5055 measures relevant to Trustworthiness, Reliability and Security, are developed by detecting and counting severe weaknesses in software that affect each of these quality characteristics. The international team of software experts sorted through a wide range of software weaknesses and selected the most severe ones for inclusion in the ISO 5055 measures.
A weakness was considered severe if the majority of the experts developing the measures believed that it had to be removed from the software to avoid damaging business operations or creating excessive IT costs. In the case of Trustworthiness, this is a weakness that, if triggered, would cause the system or device to behave in a way that makes the user lose trust in its operation.
The measures are computed through static analysis of the software. Static analysis detects non-functional, structural flaws in both the architecture and the coding of the software. Severe weaknesses related to each of the four quality characteristic measures are detected and counted. The base measure for each quality characteristic, such as Reliability or Security, is the total number of occurrences of every weakness included in that quality characteristic.
Occurrence counts of weaknesses can be transformed into normalized measures such as the density of weaknesses per thousand lines of source code, or per some other size measure. Sigma levels can be computed from the number of weaknesses per million parts, where agreement must first be established on what constitutes a 'part' (e.g., a line of code, or a computational element such as a command or variable reference). Sigma levels of two systems are comparable only if both count parts the same way.
They can also be transformed into compliance ratios comparing the number of potential occurrences of a weakness (every place where the code structure it affects was instantiated) to the number of times the weakness was actually detected in the code. Compliance is most often calculated as a ratio comparing the number of times a structure was instantiated in the software system to the number of those instantiations that contained the weakness.
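The following Python is an added worked example, not code from the article or from ISO 5055, that carries the two preceding paragraphs through on constructed sample counts: it rolls per-weakness detection counts up into the base measure, the density per thousand lines, weaknesses per million parts, a sigma level, and a per-weakness compliance ratio. Three things are assumptions of the example rather than statements of the text: the conventional Six Sigma shift of 1.5 used to convert defects per million into a sigma level, the reading of the compliance ratio as the share of instantiations that are free of the weakness, and the weakness category names and counts, which are illustrative and are not the ISO 5055 weakness list.

```python
"""Normalized ISO 5055-style measures from static-analysis weakness counts.

Added illustration for the article, not code from ISO 5055 or the authors.
The weakness categories and counts at the bottom are constructed sample data.
"""
import math
from dataclasses import dataclass
from statistics import NormalDist
from typing import Optional

# Conventional Six Sigma shift: a process at 3.4 defects per million
# opportunities is reported as "6 sigma". The article does not fix this
# convention; adopting it here is an assumption of the example.
SIGMA_SHIFT = 1.5


@dataclass(frozen=True)
class WeaknessCount:
    """Static-analysis result for one weakness pattern.

    instantiations: how many times the code structure in which the weakness
                    could occur appears in the system (its 'potential occurrences').
    detected:       how many of those instantiations actually contain the weakness.
    """
    name: str
    instantiations: int
    detected: int

    def __post_init__(self) -> None:
        if self.instantiations < 0 or self.detected < 0:
            raise ValueError(f"{self.name}: counts must be non-negative")
        if self.detected > self.instantiations:
            raise ValueError(f"{self.name}: detected exceeds instantiations")


def base_measure(counts: list) -> int:
    """Base measure for a quality characteristic: total occurrences of all
    weaknesses assigned to that characteristic."""
    return sum(c.detected for c in counts)


def density_per_kloc(occurrences: int, lines_of_code: int) -> float:
    """Weaknesses per thousand lines of source code."""
    if lines_of_code <= 0:
        raise ValueError("lines_of_code must be positive")
    return occurrences * 1000 / lines_of_code


def defects_per_million(occurrences: int, parts: int) -> float:
    """Weaknesses per million 'parts'. What counts as a part (a line, a
    command, a variable reference, ...) must be agreed before this figure is
    comparable across systems, so the caller supplies the part count."""
    if parts <= 0:
        raise ValueError("parts must be positive")
    return occurrences * 1_000_000 / parts


def sigma_level(dpmo: float, shift: float = SIGMA_SHIFT) -> float:
    """Sigma level for a defects-per-million figure: the z such that
    P(Z > z) == dpmo / 1e6, plus the conventional shift.
    Zero defects has no finite sigma level and is reported as +inf."""
    if dpmo < 0 or dpmo > 1_000_000:
        raise ValueError("dpmo must lie in [0, 1e6]")
    if dpmo == 0:
        return math.inf
    if dpmo == 1_000_000:
        return -math.inf
    return NormalDist().inv_cdf(1 - dpmo / 1_000_000) + shift


def compliance_ratio(c: WeaknessCount) -> Optional[float]:
    """Share of the structure's instantiations that are free of the weakness
    (assumed reading of the article's compliance ratio). A structure that is
    never instantiated has no ratio (None) rather than a misleading 100%."""
    if c.instantiations == 0:
        return None
    return (c.instantiations - c.detected) / c.instantiations


def summarize(counts: list, lines_of_code: int, parts: int) -> dict:
    """Roll one quality characteristic's counts up into the normalized measures."""
    total = base_measure(counts)
    dpmo = defects_per_million(total, parts)
    return {
        "base_measure": total,
        "density_per_kloc": density_per_kloc(total, lines_of_code),
        "dpmo": dpmo,
        "sigma_level": sigma_level(dpmo),
        "compliance": {c.name: compliance_ratio(c) for c in counts},
    }


# Constructed sample: Security-characteristic counts for a 48,000-line system,
# using a line of code as the agreed 'part'. Category names are illustrative.
SAMPLE_LOC = 48_000
SAMPLE_SECURITY_COUNTS = [
    WeaknessCount("sql_query_built_by_string_concatenation", 200, 5),
    WeaknessCount("file_path_taken_from_unvalidated_input", 40, 4),
    WeaknessCount("buffer_copy_without_length_check", 300, 3),
    WeaknessCount("hard_coded_credential", 0, 0),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SECURITY_COUNTS, SAMPLE_LOC, SAMPLE_LOC).items():
        print(f"{key}: {value}")
```

Because the part count is a separate argument, the same detection results can be re-expressed per statement or per variable reference once a different definition of 'part' is agreed, without re-running the analysis; only the sigma level and DPMO change, while the density per KLOC and the compliance ratios do not.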