International Journal of Computer Applications
The present age, software is exploited and the understanding of increasing extent of risk exposure as a result is rarely developed. Security should be incorporate right from the requirements phase so that the security is inbuilt and properly incorporated into the software in development. To establish the fact that a process is improving or not is a matter that seems impossible without obtaining the measurements. Security requirements can be defined and developed using a no. of techniques like fault tree analysis, failure mode and effect analysis, threat modeling, misuse/abuse cases, attack tree etc.