Achieving "Good Enough" Software Security: The Role of Objectivity.

Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also delayed. This paper discusses the role of objectivity in assessing and researching the goal of good enough security. Different understandings of objectivity are introduced, and the paper explores how these can guide the way forward in improving judgements on what level of security is good enough. The paper recommends adopting and improving upon methods that include different perspectives, support the building of interactive expertise, and support confirmability by keeping documentation of the basis on which judgements were made.