Authors: Vojo Bubevski
The conventional approach to security software quality management, specifically for ongoing projects, has two major limits: (1) Six Sigma is not applied; and (2) analytic risk models are used. This paper proposes a stochastic method which applies Six Sigma Define, Measure, Analyze, Improve and Control (DMAIC), Monte Carlo Simulation and Orthogonal Security Defect Classification (OSDC). DMAIC is tactically applied to assess and improve quality. Simulation predicts quality (reliability) and identifies and quantifies the quality risk. OSDC allows qualitative analysis. DMAIC is a verified, structured methodology for systematic process and quality improvement. Simulation is superior to analytic risk models. OSDC offers qualitative improvements. This synergetic method eliminates the observed deficiencies, gaining important benefits including savings, quality and customer satisfaction. It is CMMI® (Capability Maturity Model Integration) compliant. The method is elaborated in simplified form on a published third-party project.