Abstract
Building secure software is a challenging process. It is a process informally guided by common knowledge, best practice and undocumented expert knowledge. Furthermore, software vulnerabilities can arise from many factors. Lack of secure processes in the software developing lifecycle is a crucial one of those factors. For that, research efforts have been made to establish formal methodologies and techniques for engineering secure software. On the other hand, to improve software security, one should have the tools and measures for evaluating software security. In this paper, we propose a methodology for minimizing software vulnerability for enhancing its security. This methodology is implemented in the processes of the software development life cycle. Also, we provide some measures to evaluate the level of security of the developed software. Instead of measuring security performance after each development iteration in the life cycle, our methodology proposes measures to evaluate security in each process in the development process within the iteration. The proposed methodology is implemented on a real software development process and results show that our method has improved software security.