Our Security Practices Evaluation Framework (SP-EF) consists of context metrics, adherence metrics, and outcome measures, described in the framework document.
The goal of this project is to enable the software security research community to combine, compare and analyze case studies of software security practices and processes by providing a repeatable evaluation framework.