Using security metrics in software quality assurance process

With technology advances in recent years, security problems become more important. Security measurement and monitoring helps system developers to design and assure secure systems. Today security metrics are used in variety of fields as software development process. Secure software cannot intentionally force to fail and remains correct and predictable in spite of intentional efforts. Determining software security metrics during its development phases assures its quality and security. Good metrics should be specified, measurable, repeatable and time dependant. The method of this paper proposes some security metrics in different software development phases and validates them based on some standardized criteria. Different phases have different metrics that are defined based on their results and products. By using proposed security metrics during software development cycle, the final product will be secure and qualified.