Effort estimation is extremely challenging for developing secure software systems. Two major challenges are: (1) a lack of validated methods or models, and (2) large variation in existing security standards, which limits the applicability of existing methods. This paper reports an exploratory study in establishing an effort estimation model for secure operating system software development in China. More specifically, we investigate the existing cost estimation relationships in the domain of secure software systems, then conduct a comparative analysis of existing Chinese IT security standards and the corresponding international standards, and build a customized estimation model that leverages the cost estimation relationships with the most similar security requirements, with appropriate adjustment to reflect the differences in standards. The resultant model is evaluated through an example project, and the results show an encouraging improvement in estimation accuracy.
Yang, Y., Du, J., & Wang, Q. (2015). Shaping the effort of developing secure software. In Procedia Computer Science (Vol. 44, pp. 609–618). Elsevier B.V. https://doi.org/10.1016/j.procs.2015.03.041