In today's information age, software is attacked deliberately resulting in breach of security & people's trust. These malicious attacks provide harm to individuals, organizations, and the world at large. The attacker targets vulnerabilities to exploit the software. The chapter highlights the importance of security metrics which is comprehensive in nature and easily implementable. It also emphasis on the early implementation of security metrics i.e., from the requirements elicitation phase of requirement engineering stage so that a comprehensive and complete set of security requirements could be defined with their countermeasure to develop a secured software. For development of security metrics a framework has been proposed using use case and misuse case tree modeling. The proposed work may help the Software Security Team to identify and analyse the potential vulnerabilities and associated threats which may be exploited by the attacker to harm the system well in advance in the requirements engineering phase thereby balancing the security using misuse cases modeling.
Refactoring Misuse Case Diagrams using Model Transformation