Research Article
A Quantitative Assessment Approach to COTS Component Security
Table 4
The comparison with related assessment approaches.
| Assessment approach | Assessment object | Assessment aspect | Is the internal factor considered? | Qualitative or quantitative? | Is there a supporting tool? |
|---|---|---|---|---|---|
| Khan and Han [8] | Software component | Security | No | Quantitative | No |
| Alhazmi and Malaiya [11] | Operating system | Vulnerability | Yes | Quantitative | No |
| Zhang et al. [12] | Software system | Risk | No | Quantitative; qualitative | No |
| Goševa-Popstojanova and Trivedi [15] | Software system | Reliability | No | Quantitative | No |
| Mkpong-Ruffin [3] | Software | Risk | No | Quantitative | Yes |
| CVSS [16] | Software component | Vulnerability | No | Quantitative | Yes |
| QACS | COTS component | Security | Yes | Quantitative | Yes |