Date Added: Dec 2010
Security measurement in software is becoming a somewhat mature field, as evidenced by professional and international standards, specialized conferences, and several decades of literature and research. In spite of this history, security to date remains a qualitative measure. For the past 20 years, the international computer security community has been developing criteria and methodologies for the security evaluation of IT products and systems. The evaluation processes are highly qualitative, as the evaluation evidence, the evaluator's qualifications and experience, and the evaluation methods are often difficult to quantify. Although every organization measures the security of software in one way or another, no standard metrics for measuring the security of an information system have yet been defined.