Significance of Security Metrics in Secure Software Development


International Journal of Applied Information Systems
Year of Publication: 2017
Publisher: Foundation of Computer Science (FCS), NY, USA
Authors: Shams Tabrez Siddiqui

Citation: Shams Tabrez Siddiqui. Significance of Security Metrics in Secure Software Development. International Journal of Applied Information Systems 12(6):10-15, September 2017.

    @article{siddiqui2017significance,
    	author = "Shams Tabrez Siddiqui",
    	title = "Significance of Security Metrics in Secure Software Development",
    	journal = "International Journal of Applied Information Systems",
    	issue_date = "September 2017",
    	volume = 12,
    	number = 6,
    	month = "September",
    	year = 2017,
    	issn = "2249-0868",
    	pages = "10-15",
    	url = "",
    	doi = "10.5120/ijais2017451710",
    	publisher = "Foundation of Computer Science (FCS), NY, USA",
    	address = "New York, USA"
    }


With the increasing advancement of technology in recent years, various security issues and problems have arisen. In this connected world, security is a paramount and challenging issue in software development and is the demand of the time. However, engineers and developers usually think about it only after the entire software has been developed, and by then it is too late, even though software developers are aware of the importance of security and of its priority throughout the software development life cycle. Considering security issues from the early stages of software development, and incorporating them throughout development, is the mark of good research and development practice.

When metrics are considered from the initial stage of the software development process, security risks can be assessed more efficiently. One of the best-known approaches to developing security metrics is the Goal/Question/Metric (GQM) approach, which assesses security risks in the various stages of the software development process. Software security can be measured with the help of metrics derived from the sources available at each stage.

The main aim of this paper is to focus on numerous security metrics for the software development phases, validated against standardized criteria. Each phase has metrics different from those of the other phases; these metrics are defined on the basis of each phase's results and products. The final product derived using the proposed security metrics will be secure and qualified.
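The GQM structure the abstract describes, as an added example that is not part of the paper: a goal is refined into questions, each question is answered by one or more metrics bound to an SDLC phase, and the metric values are rolled up into a risk score per phase, so that the phase carrying the most risk can be picked out. The goal, the questions, the metric names and targets, and the per-phase project data below are all assumptions made for illustration; they are not the metric set the paper proposes.

```python
# Added example (not from the paper): a GQM tree whose metrics are computed
# from per-phase SDLC data and rolled up into a risk score per phase.
from dataclasses import dataclass
from typing import Callable, Dict, List

PhaseData = Dict[str, float]

# Constructed per-phase measurements; the values are assumed for illustration.
PROJECT: Dict[str, PhaseData] = {
    "requirements": {"requirements_total": 40, "security_requirements": 8,
                     "security_requirements_with_tests": 5},
    "design": {"trust_boundaries": 4, "trust_boundaries_threat_modeled": 3},
    "implementation": {"kloc": 12.0, "sast_findings_high": 6,
                       "sast_findings_high_fixed": 4},
    "testing": {"security_test_cases": 30, "security_test_cases_passed": 27},
}

@dataclass
class Metric:
    name: str
    phase: str                          # SDLC phase whose data the metric reads
    compute: Callable[[PhaseData], float]
    target: float                       # value at which the metric's risk is 0
    higher_is_better: bool = True

@dataclass
class Question:
    text: str
    metrics: List[Metric]

@dataclass
class Goal:
    text: str
    questions: List[Question]

def ratio(num: str, den: str) -> Callable[[PhaseData], float]:
    """Metric helper: num/den over a phase's data, 0.0 when den is 0."""
    return lambda d: d[num] / d[den] if d[den] else 0.0

# The GQM tree: a goal, refined into questions, each answered by metrics.
GQM = Goal("Reduce the security risk introduced in each SDLC phase", [
    Question("Are security requirements identified and verifiable?", [
        Metric("security_req_ratio", "requirements",
               ratio("security_requirements", "requirements_total"), 0.15),
        Metric("security_req_test_coverage", "requirements",
               ratio("security_requirements_with_tests", "security_requirements"), 1.0),
    ]),
    Question("Are trust boundaries covered by a threat model?", [
        Metric("threat_model_coverage", "design",
               ratio("trust_boundaries_threat_modeled", "trust_boundaries"), 1.0),
    ]),
    Question("Are high-severity code findings being removed?", [
        Metric("high_findings_per_kloc", "implementation",
               lambda d: d["sast_findings_high"] / d["kloc"], 0.2, higher_is_better=False),
        Metric("high_findings_fix_rate", "implementation",
               ratio("sast_findings_high_fixed", "sast_findings_high"), 1.0),
    ]),
    Question("Do the security test cases pass?", [
        Metric("security_test_pass_rate", "testing",
               ratio("security_test_cases_passed", "security_test_cases"), 1.0),
    ]),
])

def attainment(metric: Metric, value: float) -> float:
    """Fraction of the target reached, clamped to [0, 1]; 1.0 means target met."""
    if metric.higher_is_better:
        return 1.0 if metric.target == 0 else min(value / metric.target, 1.0)
    return 1.0 if value <= metric.target else metric.target / value

def evaluate(goal: Goal, project: Dict[str, PhaseData]) -> Dict[str, Dict[str, float]]:
    """Compute every metric in the tree, grouped by SDLC phase."""
    values: Dict[str, Dict[str, float]] = {}
    for q in goal.questions:
        for m in q.metrics:
            values.setdefault(m.phase, {})[m.name] = m.compute(project[m.phase])
    return values

def phase_risk(goal: Goal, project: Dict[str, PhaseData]) -> Dict[str, float]:
    """Risk per phase = 1 - mean attainment of the metrics attached to that phase."""
    per_phase: Dict[str, List[float]] = {}
    for q in goal.questions:
        for m in q.metrics:
            per_phase.setdefault(m.phase, []).append(
                attainment(m, m.compute(project[m.phase])))
    return {p: 1.0 - sum(a) / len(a) for p, a in per_phase.items()}

def weakest_phase(goal: Goal, project: Dict[str, PhaseData]) -> str:
    """The phase to act on first: the one carrying the highest risk."""
    risk = phase_risk(goal, project)
    return max(risk, key=risk.get)

if __name__ == "__main__":
    for phase, risk in phase_risk(GQM, PROJECT).items():
        print(f"{phase:15s} risk={risk:.2f}")
    print("weakest phase:", weakest_phase(GQM, PROJECT))
```

Each metric carries a target and a direction so that a lower-is-better count (high-severity findings per KLOC) can be combined with higher-is-better coverage ratios on one scale; the "1 minus mean attainment" roll-up is a deliberately simple aggregation chosen for this example, and a real programme would weight metrics by the question they answer. With the constructed data, the implementation phase comes out as the weakest, which is what a GQM evaluation run early and per phase is meant to surface before release.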


Keywords: Security risks, software development life cycle, metrics, GQM