A probe quality metric taxonomy for assurance evaluation

Commonly, assurance is considered as "something said or done to inspire confidence". It
is clear from this definition that the fundamental part of assurance is confidence. However, the level
of confidence inspired from a statement or an action depends on the ―quality‖ of its source. Inspired
by the Systems Security Engineering Capability Maturity Model (SSE-CMM) and the Common
Criteria, we tailored five ordinal levels of quality levels for probes performing the verification of
system security measures; different levels of quality being possible depending on the coverage, rigor,
depth and Independence of the verification. The metric taxonomy is intended to assist IT Products
manufacturers in developing their products or systems and in identifying security requirements to be
satisfied for their products or systems to be assured at some level of quality as far as assurance
evaluation is concerned. It could also benefit consumers in supporting them in selecting IT security
products depending on their organizational needs, while IT security evaluators may use it as reference
when forming judgments about the quality of a security product.

Citation:
Ouedraogo, M., Mouratidis, H., Khadraoui, D. and Dubois, E. (2010) ‘A probe quality metric taxonomy for assurance evaluation.’, Proceedings of Advances in Computing and Technology, (AC&T) The School of Computing and Technology 5th Annual Conference, University of East London, pp.201-208..