Abstract:
Increasing demand for commercial security products requires improved methods for evaluating their software quality. Existing standards offer general frameworks, but more specific models are needed that reflect the perception of experts and customers as well as the particular characteristics of this type of product. This article presents a method for generating domain-oriented software quality models for specific types of applications. It is applied to the generation of a model for security COTS products, based on a systematic review of standards, related literature and conclusions of evaluation experiences, as well as a statistical analysis of information collected from 203 security experts and practitioners. Results reveal interesting conclusions on the importance users give to the different quality characteristics of commercial security software products.