Software Security Metrics

ABSTRACT

A well-defined and fully validated suite of software security metrics are desirable to take into account software internal attributes, developers who develop the software, attackers who attack the software, and users who use the software. We aim to investigate existing and new security metrics to predict which code locations are likely to contain vulnerabilities. In particular, we outlined following broad categories to advance existing software engineering research in areas of software security metrics: 1) Security Metrics for Incorporating Global Attack Trends, 2) Grounded Theory for the Identification of Security Metrics, and 3) Security Metrics for Incorporating Run-time Information from Deployed Systems.