A reference measurement framework of software security product quality (SPQ NFSR )

Abstract Currently, the customer's demands have expressively amplified their expectations of getting software at a high‐quality level. However, the non‐functional requirements of the software products attention have been expanded in both the academic and the industrial fields; so, there is no framework for specifying and measuring such kinds of quality constraints for the security requirements of software product quality. This paper presents an integrated framework of the early specification and measurement of the functional and non‐functional software security requirements. Such a measurement framework would help software and systems engineers to improve product qualities whether the software has already been delivered or has yet to be built. The main steps that have been followed include: identify, specify and measure the software security requirements based on ISO/IEC SQuaRE series of international standards for software product quality. A standard measurement framework used to measure the functional size of the software product quality to develop a functional size measurement of the functional and non‐functional security requirements is described. As a result, a functional size measurement framework of the functional and non‐functional security requirements (SPQ NFSR ) using international standards is proposed. An automatic teller machine case study for the measurement of security requirements based on perspectives of a software functional user requirements is presented. Finally, it is concluded that it is essential to develop such a functional size measurement framework for functional and non‐functional security requirements to support developers to face the challenges derived from early dealing with such requirements.