Methodology for validating software metrics


See [4] for more information about some of these efforts.

The framework described in this document encourages people to measure security throughout the entire development process.

While estimating the cost of insecure software may appear a daunting task, there has been a significant amount of work in this direction.

For example, in June 2002, the US National Institute of Standards (NIST) published a survey on the cost of insecure software to the US economy due to inadequate software testing [3].

The group fully understands that not everyone will agree upon all of these decisions.

This topic will not be covered in detail here, as it would take a guide on its own (for an introduction, see [2]).

Writing the Testing Guide has proven to be a difficult task.

It was a challenge to obtain consensus and develop content that allowed people to apply the concepts described in the guide, while also enabling them to work in their own environment and culture.

It was also a challenge to change the focus of web application testing from penetration testing to testing integrated in the software development life cycle.

However, the group is very satisfied with the results of the project.

Chapter 3 presents the OWASP Testing Framework and explains its techniques and tasks in relation to the various phases of the software development life cycle.
