A Mathematical Model for Estimating the Benefits of Incorporating the Security in Agile Software Development
Abstract
This article discusses the costs and benefits of integrating security into application development and presents formulae for calculating security costs and security benefits. Insecure applications create security risks. The number of accidents reported is increasing, and many big software systems are experiencing and exposing security vulnerabilities. This causes significant losses for consumer companies. While software companies are engaged in developing more secure software, there is very little work that illustrates the value of secure software. Unlike producers of traditional goods, such as car manufacturers, software developers do not have legal accountability if bugs in their products are abused. The market reacts negatively to software vendors whose products have revealed a significant vulnerability.
This is due to the loss of credibility, patching costs, etc. The study demonstrates the market's willingness to punish the vendor for lack of safety and thus offers opportunities to provide safer technology. As an enhanced cost-effectiveness measure, vulnerabilities are plugged by available patches. There are substantial cost savings in fixing security flaws during the development of requirements rather than after the software has been released.
For suppliers, the cost of developing and releasing updates is increased. Moreover, the cost of development can be lowered if security flaws are plugged during the early stages of development.