Security growth modeling, analogous to reliability growth modeling, is an attempt to quantify how the projected security of a system increases as software vulnerabilities are detected and removed.
Such insights would be crucial in allocating development and assurance resources, as well as in making informed release or revision decisions.
This presentation reviewed the assumptions and limitations of such an approach and suggested how it could improve data-driven security management.