Estimating the Cost of Security for COTS Software

  • Donald J. Reifer
  • Barry W. Boehm
  • Murali Gangadharan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2580)


This paper describes enhancements being made to the University of Southern California’s COnstructive COTS (COCOTS) integration cost model to address security concerns. The paper starts by summarizing the actions we have taken to enhance COCOMO II to model the impact of security on development effort and duration. It then relates the COCOMO II approach to the COCOTS estimating framework so that the enhancements proposed can be incorporated into the COCOTS model. After summarizing the team’s progress in developing counterpart COCOTS security cost drivers and expert-consensus cost driver parameter values, the paper points to the steps that will be taken to validate the findings and calibrate the model.


Intrusion Detection System Cost Driver Trojan Horse Security Control Covert Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Committee on Information Systems Trustworthiness, Trust in Cyberspace. National Academy Press (1999)Google Scholar
  2. 2.
    Lindqvist, U., and Jonsson, E.: A Map of Security Risks Associated with Using COTS. In: IEEE Computer, June (1998) 60–66.Google Scholar
  3. 3.
    Abts, C., Boehm, B., and Clark, E. B.: COCOTS: A Software COTS-Based System (CBS) Cost Model-Evolving Towards Maintenance Phase Modeling. In: Proceedings of ESCOM (2001)Google Scholar
  4. 4.
    Boehm, B. W., Abts, C., Brown, A. W., Chulani, S., Clark, B. K., Horowitz, E., Madachy, R., Reifer, D., and Steece, B.: Software Cost Estimation with COCOMO II. Prentice-Hall (2000)Google Scholar
  5. 5.
    Abts, C., Boehm, B., and Clark, E. B.: COCOTS: A COTS Software Integration and Cost Model-Model Overview and Preliminary Data Findings. In: Proceedings of ESCOM (2000)Google Scholar
  6. 6.
    Luhn, R., and Spanbauer, S.: Protect Your PC. In: PC World, July (2002) page 92Google Scholar
  7. 7.
    Mackey, R: Layered Insecurity. Information Security, June (2002) 61–68.Google Scholar
  8. 8.
    Reifer, D. J.: Security: A Rating Concept for COCOMO II. Center for Software Engineering, University of Southern California, May (2002)Google Scholar
  9. 9.
    Allen, J. H.: The CERT Guide to System and Network Security Practices. Addison-Wesley (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Donald J. Reifer
    • 1
  • Barry W. Boehm
    • 1
  • Murali Gangadharan
    • 1
  1. 1.Center for Software EngineeringUniversity of Southern CaliforniaLos Angeles

Personalised recommendations