Science Publishing Group
In this paper, the authors survey software security metrics and attempt to characterize design-time software security. Misconceptions associated with security metrics are identified and discussed, and the characteristics that good security metrics should possess are listed. In the absence of any standard guideline or methodology for developing early-stage security metrics, an effort has been made to provide a strong theoretical basis for developing such a framework. As a result, a security metrics development framework is proposed in this paper.