Achieving "Good Enough" Software Security: The Role of Objectivity
Chapter
Accepted version
Date
2020Metadata
Show full item recordCollections
- Publikasjoner fra CRIStin - SINTEF AS [5864]
- SINTEF Digital [2536]
Original version
EASE '20: Proceedings of the Evaluation and Assessment in Software Engineering. 2020, 360-365. 10.1145/3383219.3383267Abstract
Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also delayed. This paper discusses the role of objectivity in assessing and researching the goal of good enough security. Different understandings of objectivity are introduced, and the paper explores how these can guide the way forward in improving judgements on what level of security is good enough. The paper recommends adopting and improving upon methods that include different perspectives, support the building of interactive expertise, and support confirmability by keeping documentation of the basis on which judgements were made.