DEVELOPMENT OF SOFTWARE QUALITY ASSURANCE PERFORMANCE INDICATORS FOR ASSESSING CYBER RESILIENCE OF SYSTEMS

DOI:

https://doi.org/10.31891/2219-9365-2025-83-6

Keywords:

cyber resilience, software quality assurance, security metrics, DevSecOps, test coverage, recovery time

Abstract

Cyber resilience is becoming an essential property of modern information systems, particularly in critical infrastructure and enterprise environments where the ability to resist, absorb, and recover from cyberattacks is vital. While existing security frameworks emphasize threat detection, incident response, and risk management, the influence of software quality assurance (SQA) processes on cyber resilience remains insufficiently studied. This paper addresses this gap by proposing a structured methodology for evaluating the impact of SQA practices on the cyber resilience of software systems through a set of normalized and weighted quality indicators.

The proposed approach combines elements of established software quality models such as ISO/IEC 25010 and CMMI with cybersecurity standards and frameworks including NIST, MITRE ATT&CK, and CIS Controls. It introduces a unified system of metrics that includes test coverage, defect density, response time to vulnerabilities, mean time to recovery, code complexity, and review frequency. These metrics were empirically assessed in a controlled experimental environment using widely adopted DevSecOps tools such as Jenkins, SonarQube, and Allure Report.

The experiment involved two software development configurations: a basic setup with minimal quality assurance and an enhanced one featuring systematic testing, regular code reviews, and developer training. The findings show that improvements in SQA practices led to a significantly higher level of cyber resilience. The enhanced configuration demonstrated better performance in all key metrics, especially in reducing recovery time and increasing the percentage of test coverage.

The results confirm a strong correlation between effective software quality assurance and the system’s capacity to withstand cyber threats. The proposed model can be used to support decision-making in secure software development, providing a foundation for automated monitoring of resilience based on existing quality assurance infrastructure. Future research will focus on expanding the metric set and applying the methodology to systems with diverse architectures and operational contexts.

Published

2025-08-28

How to Cite

SAVCHUK, B. (2025). DEVELOPMENT OF SOFTWARE QUALITY ASSURANCE PERFORMANCE INDICATORS FOR ASSESSING CYBER RESILIENCE OF SYSTEMS. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, (3), 47–51. https://doi.org/10.31891/2219-9365-2025-83-6