Tutorial at ISSRE 2018
From Software Security Assessment to Security Benchmark
Security assessment and security benchmarking are related but distinct activities: assessment tells you how secure a specific system is; benchmarking tells you how systems compare. This tutorial bridges the two, showing how rigorous assessment methodology can be lifted into a reusable benchmark.
Presented by Marco Vieira and Nuno Antunes at ISSRE 2018, the tutorial covers the core ingredients of a security benchmark (workloads, fault models, metrics, and experimental procedures) and walks through concrete examples drawn from web application and web service security. Attendees leave with a practical framework for turning their own assessment work into reproducible, shareable benchmarks.