Achieving "Good Enough" Software Security: The Role of Objectivity
Chapter
Accepted version
Permanent lenke
https://hdl.handle.net/11250/3067254Utgivelsesdato
2020Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5864]
- SINTEF Digital [2536]
Originalversjon
EASE '20: Proceedings of the Evaluation and Assessment in Software Engineering. 2020, 360-365. 10.1145/3383219.3383267Sammendrag
Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also delayed. This paper discusses the role of objectivity in assessing and researching the goal of good enough security. Different understandings of objectivity are introduced, and the paper explores how these can guide the way forward in improving judgements on what level of security is good enough. The paper recommends adopting and improving upon methods that include different perspectives, support the building of interactive expertise, and support confirmability by keeping documentation of the basis on which judgements were made.