Monday, March 9, 2009

Blog: NIST Suggests Areas for Further Security Metrics Research

Government Computer News (03/09/09) Jackson, William

Scientists at the National Institute of Standards and Technology's (NIST's) Computer Security Division have identified several areas that need to be researched to spur the creation of useful security metrics. One key area is the creation of formal models of security measurement and metrics. NIST scientists say the absence of these models and other formalisms has made it difficult to create security metrics that are useful in practice. Another area that needs to be researched is historical data collection and analysis. The scientists say that predictive estimates of the security of the software components and applications under examination should be derivable from historical data collected about the characteristics of similar types of software and the vulnerabilities those applications experienced. The scientists observe that insights into security metrics could be gained by applying analytical techniques to historical data in order to identify trends and correlations, discover unexpected relationships, and uncover other predictive interactions. Finally, the scientists say the development of computing components that are designed for measurement would be a significant step toward developing effective security metrics.
