International Research Publication House (IRPH)
Quantifying the security of software is a research problem that has recently assumed tremendous significance. Various metrics have been and are being proposed for this purpose. It is always not clear as to what extent these metrics actually reveal the security of the software they are attempting to measure. Given a software that has been in use for a year, and the data pertaining to the number of security attacks on the software on one side and a set of \"Security metrics\" for the software, a genetic algorithm can be of great help in identifying which subset of metrics accurately quantify the security of the software.