Abstract
Integrating security into each phase of the Software Development Life Cycle (SDLC) has become an urgent need. In particular, security must not be overlooked in the early phases of the SDLC, because addressing it there minimizes the cost and effort required in later phases of the life cycle. Software security metrics are the tools used to judge the level of security of a piece of software; without such metrics, no one can establish the usefulness of any approach that claims to improve the security of software. This paper presents a phase-wise review of security metrics and the issues in adopting them. Although security metrics exist for each phase of the software development life cycle, their usefulness in the software industry or in research remains in question until they are validated. In addition, concrete research is needed to develop security metrics for the early phases of the software development life cycle.
Acknowledgements
This work is sponsored by UGC-MRP, New Delhi, India under F. No. 43-391/2014 (SR).
© 2018 Springer Nature Singapore Pte Ltd.
Cite this paper
Ansar, S.A., Alka, Khan, R.A. (2018). A Phase-wise Review of Software Security Metrics. In: Perez, G., Mishra, K., Tiwari, S., Trivedi, M. (eds) Networking Communication and Data Knowledge Engineering. Lecture Notes on Data Engineering and Communications Technologies, vol 4. Springer, Singapore. https://doi.org/10.1007/978-981-10-4600-1_2
DOI: https://doi.org/10.1007/978-981-10-4600-1_2
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4599-8
Online ISBN: 978-981-10-4600-1
eBook Packages: Engineering (R0)