Research Article
A Quantitative Assessment Approach to COTS Component Security
Table 4
The comparison with related assessment approaches.
| | Assessment approach | Assessment object | Assessment aspect | Is the internal factor considered? | Qualitative or quantitative? | Is there supporting tool? |
| |
Khan and Han [8] | Software component | Security | No | Quantitative | No | |
Alhazmi and Malaiya [11] | Operating system | Vulnerability | Yes | Quantitative | No | | Zhang et al. [12] | Software system | Risk | No | Quantitative; qualitative | No | |
Goševa-Popstojanova and Trivedi [15] | Software system | Reliability | No | Quantitative | No | |
Mkpong-Ruffin [3] | Software | Risk | No | Quantitative | Yes | | CVSS [16] | Software component | Vulnerability | No | Quantitative | Yes | | QACS | COTS component | Security | Yes | Quantitative | Yes |
|
|
