
<ns0:uwmetadata xmlns:ns0="http://phaidra.univie.ac.at/XML/metadata/V1.0" xmlns:ns1="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0" xmlns:ns10="http://phaidra.univie.ac.at/XML/metadata/provenience/V1.0" xmlns:ns11="http://phaidra.univie.ac.at/XML/metadata/provenience/V1.0/entity" xmlns:ns12="http://phaidra.univie.ac.at/XML/metadata/digitalbook/V1.0" xmlns:ns13="http://phaidra.univie.ac.at/XML/metadata/etheses/V1.0" xmlns:ns2="http://phaidra.univie.ac.at/XML/metadata/extended/V1.0" xmlns:ns3="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/entity" xmlns:ns4="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/requirement" xmlns:ns5="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/educational" xmlns:ns6="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/annotation" xmlns:ns7="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/classification" xmlns:ns8="http://phaidra.univie.ac.at/XML/metadata/lom/V1.0/organization" xmlns:ns9="http://phaidra.univie.ac.at/XML/metadata/histkult/V1.0">
  <ns1:general>
    <ns1:identifier>o:32584</ns1:identifier>
    <ns1:title language="en">Software Security Analysis, Metrics, and Test Design Considerations</ns1:title>
    <ns1:language>en</ns1:language>
    <ns1:description language="en">Abstract: Software security addresses the degree to which software can be exploited or misused. Software
development is not yet a science or a rigorous discipline, and the development process by and large is not
controlled to minimize the vulnerabilities that attackers exploit. Security is a blend of security-enhanced processes and
practices—and the skilled people to perform them—which are required to build software that can be trusted
not to increase risk exposure. Three categories of analysis provide such a blend: threat modeling, risk analysis,
and security assessment and testing. This article discusses the role of software testing in a security-oriented
software development process. It focuses on two related topics: functional security testing and risk-based
security testing. Any endeavor worth pursuing is worth measuring, but software security presents new
measurement challenges: there are no established formulas or procedures for quantifying the security risk
present in a program. This paper details the importance of measuring software security and discusses the
less-than-satisfying approaches that are prevalent today. A new set of metrics is then proposed for ensuring an
accurate and comprehensive view of software projects ranging from legacy systems to newly deployed web
applications. Many of the new metrics make use of source code analysis results.</ns1:description>
    <ns1:keyword language="en">KeyWords: Security issues, security testing, security metrics, security risks</ns1:keyword>
    <ns2:identifiers>
      <ns2:resource>1552100</ns2:resource>
      <ns2:identifier>978-1-61804-126-5</ns2:identifier>
    </ns2:identifiers>
  </ns1:general>
  <ns1:lifecycle>
    <ns1:upload_date>2024-01-27T10:30:51.587Z</ns1:upload_date>
    <ns1:status>44</ns1:status>
    <ns2:peer_reviewed>no</ns2:peer_reviewed>
    <ns1:contribute seq="0">
      <ns1:role>46</ns1:role>
      <ns1:entity seq="0">
        <ns3:firstname>Ljubomir </ns3:firstname>
        <ns3:lastname>Lazić</ns3:lastname>
        <ns3:institution>Državni univerzitet u Novom Pazaru</ns3:institution>
        <ns3:orcid>0000-0001-9839-1238</ns3:orcid>
      </ns1:entity>
      <ns1:entity seq="1">
        <ns3:firstname>Dženan </ns3:firstname>
        <ns3:lastname>Avdić</ns3:lastname>
        <ns3:institution>Državni univerzitet u Novom Pazaru</ns3:institution>
        <ns3:type>person</ns3:type>
        <ns3:orcid>0000-0002-7729-3652</ns3:orcid>
      </ns1:entity>
      <ns1:entity seq="2">
        <ns3:firstname>Aldina </ns3:firstname>
        <ns3:lastname>Pljasković</ns3:lastname>
        <ns3:institution>Državni univerzitet u Novom Pazaru</ns3:institution>
        <ns3:type>person</ns3:type>
        <ns3:conor>29219175</ns3:conor>
        <ns3:orcid>0000-0003-4312-3839</ns3:orcid>
      </ns1:entity>
    </ns1:contribute>
  </ns1:lifecycle>
  <ns1:technical>
    <ns1:format>application/pdf</ns1:format>
    <ns1:size>778218</ns1:size>
    <ns1:location>https://phaidrabg.bg.ac.rs/o:32584</ns1:location>
  </ns1:technical>
  <ns1:rights>
    <ns1:cost>no</ns1:cost>
    <ns1:copyright>yes</ns1:copyright>
    <ns1:license>16</ns1:license>
  </ns1:rights>
  <ns1:classification>
    <ns1:purpose>70</ns1:purpose>
  </ns1:classification>
  <ns1:organization>
    <ns8:hoschtyp>92000001</ns8:hoschtyp>
    <ns8:orgassignment>
      <ns8:faculty>20A01</ns8:faculty>
    </ns8:orgassignment>
  </ns1:organization>
  <ns12:digitalbook>
    <ns12:name_magazine language="en">Proceedings of the 6th WSEAS European Computing Conference (ECC &apos;12) Prague</ns12:name_magazine>
    <ns12:from_page>355</ns12:from_page>
    <ns12:to_page>367</ns12:to_page>
    <ns12:releaseyear>2012</ns12:releaseyear>
  </ns12:digitalbook>
</ns0:uwmetadata>
