Measuring the Trustworthiness of Software
For instance, CWE-424: Improper Protection of Alternate Path is an architectural weakness that violates Security and Privacy controls by allowing a path from the user interface directly to restricted functionality or resources such as a database without passing through access or user authentication controls. Similarly, CWE-662: Improper Synchronization is a Reliability weakness where two or more processes or threads interfere with each other when operating on shared resources, causing the system to react in unpredictable ways.
ISO/IEC 5055 measures can be used to set measurable targets for sustaining the Trustworthiness of a system of interconnected devices by setting targets for scores on the Reliability and Security measures (and Safety when it is added to the revised ISO 25010). These targets can be written into requests for proposal, statements of work, and contracts as acceptance criteria for software products delivered by system integrators, software vendors, and other third-party suppliers. Incentives can be written into contracts tied to achieving increasingly higher levels of Trustworthiness in delivered products.
Some of the most dangerous Security and Reliability weaknesses contained in ISO 5055 can be marked as ‘unacceptable’. If these weaknesses are detected in delivered software, the vendor will be required to remove them at the vendor’s expense before the delivery will be accepted. Software should not be put into operation until banned weaknesses have been removed.
ISO 5055 Reliability and Security measures can also be evaluated by internal development teams to establish release criteria and improvement targets. The targets should reflect the amount of risk the organization is willing to tolerate in each of IIC’s 5 components of Trustworthiness. The level of risk on each component may vary across systems based on whether they are exposed to customers, contain confidential data, etc. The cost of detecting and repairing weaknesses grows exponentially as an organization sets its target closer to zero defects. Therefore, the executive team must determine the tradeoff between cost and risk when setting measurable Trustworthiness targets.
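The acceptance and release criteria described above can be enforced mechanically. The following is an added example, not code from the article or from ISO/IEC 5055: the findings format, file locations, profile names and the use of a plain per-measure occurrence count as the score are all assumptions, and the CWE-to-measure map holds only the two weaknesses the article names.

```python
from collections import Counter

# Assumed mapping: only the two weaknesses the article names, each under the
# measure the article assigns to it. A real gate would load the full list.
MEASURE_OF = {"CWE-424": "Security", "CWE-662": "Reliability"}

def evaluate_delivery(findings, banned, max_per_measure):
    """Return (accepted, reasons) for a list of static-analysis findings.

    findings: dicts with 'cwe' and 'location' keys (hypothetical format).
    banned: CWE ids marked 'unacceptable'; a single instance rejects.
    max_per_measure: tolerated count of non-banned findings per measure.
    """
    reasons, counts = [], Counter()
    for f in findings:
        cwe, where = f["cwe"], f["location"]
        if cwe in banned:
            reasons.append(f"banned {cwe} at {where}")
        elif cwe not in MEASURE_OF:
            # Fail closed: an unknown weakness never counts as acceptable.
            reasons.append(f"unmapped {cwe} at {where}: triage manually")
        else:
            counts[MEASURE_OF[cwe]] += 1
    for measure, limit in sorted(max_per_measure.items()):
        if counts[measure] > limit:
            reasons.append(
                f"{measure}: {counts[measure]} findings exceed target {limit}")
    return (not reasons, reasons)

# Constructed sample findings for one delivered build.
SAMPLE_FINDINGS = [
    {"cwe": "CWE-662", "location": "queue/worker.c:88"},
    {"cwe": "CWE-662", "location": "cache/store.c:142"},
    {"cwe": "CWE-424", "location": "api/report.c:31"},
]

# Constructed risk profiles: targets tighten with exposure.
PROFILES = {
    "customer_facing": {"banned": {"CWE-424"},
                        "max_per_measure": {"Reliability": 1, "Security": 0}},
    "internal_batch": {"banned": set(),
                       "max_per_measure": {"Reliability": 2, "Security": 1}},
}

if __name__ == "__main__":
    for name, profile in PROFILES.items():
        accepted, reasons = evaluate_delivery(SAMPLE_FINDINGS, **profile)
        print(name, "ACCEPT" if accepted else "REJECT", reasons)
```

The same build passes the internal profile and is rejected for the customer-facing one, which is the per-system variation in tolerated risk that the targets are meant to express.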
The risk associated with a single instance of a weakness depends on the context of its position in a software system. In some contexts, a severe weakness can become less onerous, while a less severe weakness may become more dangerous. The weaknesses in ISO 5055 measures were selected because they expose systems to substantial operational and cost-of-ownership risk in most contexts. Nevertheless, the severity of individual weaknesses can be assessed using the Common Weakness Scoring System⁶ to help prioritize corrective actions.
6
July 2022