
<oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/">
  <dc:subject xml:lang="eng">KeyWords: Security issues, security testing, security metrics, security risks</dc:subject>
  <dc:rights>http://creativecommons.org/licenses/by/4.0/legalcode</dc:rights>
  <dc:creator id="https://orcid.org/0000-0001-9839-1238">Lazić, Ljubomir</dc:creator>
  <dc:creator id="https://orcid.org/0000-0002-7729-3652">Avdić, Dženan</dc:creator>
  <dc:creator id="https://orcid.org/0000-0003-4312-3839 https://plus.cobiss.net/cobiss/sr/sr/conor/29219175">Pljasković, Aldina</dc:creator>
  <dc:source>Proceedings of the 6th WSEAS European Computing Conference (ECC &apos;12) Prague</dc:source>
  <dc:description xml:lang="eng">Abstract: Software security addresses the degree to which software can be exploited or misused. Software
development is not yet a science or a rigorous discipline, and the development process by and large is not
controlled to minimize the vulnerabilities that attackers exploit. Security is a blend of -enhanced processes and
practices—and the skilled people to perform them—which are required to build software that can be trusted
not to increase risk exposure. Three categories of analysis provide such a blend: threat modeling, risk analysis,
and security assessment and testing. This article discusses the role of software testing in a security-oriented
software development process. It focuses on two related topics: functional security testing and risk-based
security testing. Any endeavor worth pursuing is worth measuring, but software security presents new
measurement challenges: there are no established formulas or procedures for quantifying the security risk
present in a program. This paper details the importance of measuring software security and discusses the
less-than-satisfying approaches that are prevalent today. A new set of metrics is then proposed for ensuring an
accurate and comprehensive view of software projects ranging from legacy systems to newly deployed web
applications. Many of the new metrics make use of source code analysis results.</dc:description>
  <dc:format>application/pdf</dc:format>
  <dc:format>778218 bytes</dc:format>
  <dc:language>eng</dc:language>
  <dc:identifier>https://phaidrabg.bg.ac.rs/o:32584</dc:identifier>
  <dc:title xml:lang="eng">Software Security Analysis, Metrics, and Test Design Considerations</dc:title>
  <dc:type>info:eu-repo/semantics/article</dc:type>
  <dc:date>2012</dc:date>
</oai_dc:dc>
