Research On Comprehensive Evaluation Method Of Application Software Security

As users enjoy the intelligent, efficient and convenient services which application software has brought, they also have realized that security problems arise and cause lots of loss. So, application software security is very important for our life and job. At present, the most application software security evaluation methods are from the point of view of software engineering, which do not consider the software security requirements of the users. As the application software security, the users mainly concern about the security of user information and security impact extent of application software on system.Based on the above background, a new solution to evaluate application software security is proposed in this paper, which based on a user point of view. The software which used as assessment has a similar function. We try to finish the following works:Firstly, this paper conducts in-depth analysis of the concepts and theories of software security, and the four key elements that affect the application software security are abstracted. They are:"security attributes","vulnerability factors","impact extent of application software on system security","change extent of application software on system attack surface". Then, we filter indicators from four key elements by a user questionnaire survey and expert scoring, and set up an index-system of application software security evaluation.Secondly, this paper analyzes the advantages and disadvantages of the commonly comprehensive evaluation method. The results of the application software security evaluation are received by using the expert scoring method, AHP (Analytic Hierarchy Process) and SAW (Simple Additive Weighting). Next, the results are in-depth analyzed by using CA (Cluster Analysis), and the application software security is divided into six grades.Finally, six browsers are chosen as the samples to carry on the real diagnosis of the security evaluation. The results show that the proposed comprehensive evaluation method can complete the application software security evaluation. Through our analysis a basis for decision making would be provided for users to fast and comprehensively understand the security of application software and choose appropriate software.