ABSTRACT

A security metric evaluates the security performance, goals, and objectives of software and provides information that helps in the assessment of software security. As technology advances, software faces many threats and risks to customers’ data and privacy. Most of these threats result from security being treated as a feature of the software rather than being taken into account during its development. Security metrics obtained during the development process go a long way toward improving the core security properties of software, namely confidentiality, integrity, and availability. It is therefore important to consider security across the software development lifecycle, hence the use of software security metrics. This paper reviews the security metrics considered in the various phases of the software development lifecycle, with the aim of giving practitioners, managers, and researchers substantial knowledge for further security assessment.