D. Applying the Benchmark
The purpose of the proposed benchmark is to allow a
comparison between alternative software packages in terms
of security capability. To this end, the benchmark provides
two complementary outcomes: a Security Mechanisms
Compliance metric (SMC) that portrays the level of
compliance of the package in regard to the set of security
mechanisms we can devise from established security
practices and a gap analysis that allows identifying exactly
what are the mechanisms missing in each package.