Date Added: Dec 2012
One of the biggest challenges faced by software engineers today is the engineering of secure software. Attempts are being made to apply the principles originally proposed for the engineering of "Quality" software to security. One of such principles is related to the development and usage of "Metrics" which are measures serving as indicators of how much of "Something" software possesses. Security metrics attempt to measure the "Amount" of security software has. In this paper, the authors propose some metrics, which apply at the source code level that can serve as a guide for software developers in identifying the most vulnerable parts of the source code. They also demonstrate the validity of the proposed metrics through empirical results.