Skip to Main Content
Measuring security is an important step in creating and deploying secure applications. In order to efficiently measure the level of security that an application provides, three problems need to be solved: obviously metrics need to be available, a suitable metrics framework needs to be chosen and implemented, and the resulting measurements need to be interpreted. This work focuses on the second and third problem. We propose an approach to facilitate the selection and integration of appropriate security metrics, and to support the aggregation and interpretation of measurements. Our approach associates security metrics to security patterns, and we exploit the relationships between security patterns and security objectives to enable the interpretation of measurements. The approach is illustrated in a case study.