Measuring the Trustworthiness of Software
Figure 4-1. ISO 5055 structure and example weaknesses.
The four ISO 5055 measures are constructed from a list of 138 unique weaknesses, as presented in Figure 4-1 with several example weaknesses from each measure. All 138 weaknesses are contained in the Common Weakness Enumeration (CWE) repository⁵ maintained by MITRE Corp. and have been assigned unique CWE identification numbers. Weaknesses are divided between 92 parent weaknesses and 46 contributing weaknesses. Contributing weaknesses represent various structural patterns through which 13 of the parent weaknesses can be instantiated in source code.
Many weaknesses are included in more than one measure. The two quality characteristics with the most overlapping weaknesses are Reliability and Security, with 42 overlaps. This overlap results because many of the weaknesses that will crash systems also provide opportunities for unauthorized access by hackers. For this reason, security cannot be separated from the overall structural quality of a system. The large number of overlaps is due to the large number of contributing weaknesses nested under the overlapping parent weaknesses.
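The overlap counting described above, as an added illustration that is not part of the original article: a small model of the ISO 5055 structure (parent weaknesses tagged with the measures they count toward, contributing weaknesses nested under a parent) and a function that counts the weaknesses two measures share, with and without the contributing patterns. The catalogue is a constructed sample with placeholder ids, not the real 138-entry list.

```python
from dataclasses import dataclass
from itertools import combinations

# The four ISO 5055 quality measures.
MEASURES = ("Reliability", "Security", "Performance Efficiency", "Maintainability")

@dataclass(frozen=True)
class Weakness:
    """One parent weakness. Real ISO 5055 entries carry CWE ids; ids here are placeholders."""
    wid: str
    measures: frozenset            # measures this parent counts toward
    contributing: tuple = ()       # structural patterns nested under the parent

# Constructed sample catalogue (assumption), not the real ISO 5055 weakness list.
CATALOGUE = (
    Weakness("P-1", frozenset({"Reliability", "Security"}), ("C-1a", "C-1b", "C-1c")),
    Weakness("P-2", frozenset({"Reliability", "Security"}), ("C-2a",)),
    Weakness("P-3", frozenset({"Reliability"})),
    Weakness("P-4", frozenset({"Security"}), ("C-4a",)),
    Weakness("P-5", frozenset({"Performance Efficiency", "Maintainability"})),
)

def members(catalogue, include_contributing=True):
    """Map each measure to the ids of the weaknesses it contains.
    A contributing weakness inherits its parent's measure membership,
    since it is one way the parent can be instantiated in source code."""
    out = {m: set() for m in MEASURES}
    for w in catalogue:
        for m in w.measures:
            out[m].add(w.wid)
            if include_contributing:
                out[m].update(w.contributing)
    return out

def overlaps(catalogue, include_contributing=True):
    """Number of weaknesses shared by each pair of measures."""
    mem = members(catalogue, include_contributing)
    return {(a, b): len(mem[a] & mem[b]) for a, b in combinations(MEASURES, 2)}

def total_unique(catalogue):
    """Size of the full weakness list (parents plus contributing)."""
    return sum(1 + len(w.contributing) for w in catalogue)

if __name__ == "__main__":
    print("unique weaknesses:", total_unique(CATALOGUE))
    for pair, n in overlaps(CATALOGUE).items():
        if n:
            print(f"{pair[0]} / {pair[1]}: {n} shared "
                  f"({overlaps(CATALOGUE, False)[pair]} counting parents only)")
```

In the sample, two overlapping parents carry four contributing patterns between them, so the Reliability/Security overlap is 6 when contributing weaknesses are counted but only 2 at the parent level.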
To fully assess Trustworthiness, the search for severe weaknesses must be conducted across the entire stack of software technologies comprising a system, or across the ensemble of devices comprising an Internet of Things (IoT) application. ISO 5055 includes serious flaws at both the architectural and component levels to provide a full evaluation of the factors determining a system's Trustworthiness.
⁵ R. A. Martin (2001). Managing vulnerabilities in networked systems. IEEE Software, vol. 34, no. 11, pp. 32-38, Nov. 2001. DOI: 10.1109/2.963441. https://cwe.mitre.org
IIC Journal of Innovation 41