ECONOMIC MODELS FOR SOFTWARE SECURITY

Akwuwuma Veronica and Egwali Annie

Department of Computer Science

 University of Benin, Benin City, Nigeria

E-mail: vakwukwuma@yahoo.com; egwali.annie@yahoo.com

ABSTRACT

The economics of software security is an evaluation of the cost and benefits of adding security to software. Most firms are mainly concerned with making software functional without paying much consideration to security because of the rigors of adding security to software and because buyers have no low cost method of ascertaining quality. These nonchalant practices will only give attackers an upper hand in the race for compromising system software.  It is crucial therefore that software developer protect their customers by embedding security and confidentiality into their software. Security should be a factor in software development undermining the cost.  In this paper, we therefore focus on the economics of building security properties into software application. To cover the entire dimension of the economics of software security, we incorporate cost-benefit analysis models^[1] to incur the cost of adding security properties into software development. We also expanded our security framework to integrate the security properties^[2] and incorporated encryption, TCP/IP hardening and Buffer overflow checks.

 Keyword:  Cost, Security, Software, Economics, Attacks