A Phase-wise Review of Software Security Metrics

  • Conference paper
Networking Communication and Data Knowledge Engineering

Abstract

Integrating security into each phase of the software development life cycle (SDLC) has become an urgent need. Moreover, security must not be overlooked in the early phases of the SDLC; addressing it early minimizes the cost and effort required in later phases of the life cycle. Software security metrics are the tools used to judge the level of security of software. Without such metrics, no one can establish the usefulness of any approach that claims to improve the security of software. This paper presents a phase-wise review of security metrics and the issues in their adaptation. Although security metrics are available for each phase of the software development life cycle, their usefulness in the software industry or in research remains in question until they are validated. In addition, concrete research is needed to develop security metrics for the early phases of the software development life cycle.

Acknowledgements

This work is sponsored by UGC-MRP, New Delhi, India under F. No. 43-391/ 2014 (SR)

Corresponding author

Correspondence to Syed Anas Ansar.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Ansar, S.A., Alka, Khan, R.A. (2018). A Phase-wise Review of Software Security Metrics. In: Perez, G., Mishra, K., Tiwari, S., Trivedi, M. (eds) Networking Communication and Data Knowledge Engineering. Lecture Notes on Data Engineering and Communications Technologies, vol 4. Springer, Singapore. https://doi.org/10.1007/978-981-10-4600-1_2

  • DOI: https://doi.org/10.1007/978-981-10-4600-1_2

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-4599-8

  • Online ISBN: 978-981-10-4600-1

  • eBook Packages: Engineering (R0)