Security Metrics for Assessing Security Risks of Software in Agile Development Methods
DOI: https://doi.org/10.58916/jhas.v10i4.1001

Keywords: Agile Software Development, Security Activities, Security Metrics, Vulnerability Management

Abstract
Agile methodologies have become key players in modern software development, offering flexibility and rapid, customer-focused delivery. Integrating security practices into Agile workflows is critical for building resilient and trustworthy systems. However, security practices alone provide limited visibility into an application’s actual security posture. To address this gap, Agile teams require quantifiable, actionable security metrics that enable continuous assessment and improvement of security integration throughout the development process, a task that remains challenging because such measures are largely lacking. This paper proposes a set of security metrics designed to evaluate the effectiveness of security activities across key Agile phases: before, during, and after each iteration. The proposed metrics focus on measurable artefacts such as threat model coverage, security acceptance criteria, secure coding adherence, security testing results, and post-iteration vulnerability management. These measures aim to assess how effectively teams deliver secure software while maintaining agility.
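To make the metric families named in the abstract concrete, the following Python block computes a per-iteration security scorecard from constructed sprint data. It is an added illustration, not code from the paper, and the metric definitions (ratios over stories, pull requests, tests and findings), the gate thresholds, and the sample data are all assumptions made here; the paper's own definitions may differ.

```python
"""Illustrative per-iteration security scorecard for an Agile team.

Constructed example: the metric formulas, thresholds and sample data below are
assumptions for this illustration, not the definitions from the paper.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

SEVERITIES = ("critical", "high", "medium", "low")


@dataclass
class Story:
    story_id: str
    threats_identified: int             # threat-model entries linked to this story
    security_ac_passed: Optional[bool]  # None = no security acceptance criteria written


@dataclass
class Vulnerability:
    vuln_id: str
    severity: str
    found: date
    fixed: Optional[date] = None        # None = still open


@dataclass
class Iteration:
    stories: List[Story]
    prs_merged: int
    prs_passing_secure_coding_checks: int  # SAST clean and secure-coding review checklist satisfied
    security_tests_run: int
    security_tests_passed: int
    vulns: List[Vulnerability]


def _ratio(numerator: int, denominator: int) -> float:
    """Guard against empty denominators (an iteration with no stories, tests, ...)."""
    return numerator / denominator if denominator else 0.0


def threat_model_coverage(it: Iteration) -> float:
    """Before the iteration: share of stories with at least one threat recorded."""
    return _ratio(sum(1 for s in it.stories if s.threats_identified > 0), len(it.stories))


def security_ac_coverage(it: Iteration) -> float:
    """Before the iteration: share of stories carrying explicit security acceptance criteria."""
    return _ratio(sum(1 for s in it.stories if s.security_ac_passed is not None), len(it.stories))


def security_ac_pass_rate(it: Iteration) -> float:
    """During the iteration: share of security acceptance criteria that were met."""
    with_ac = [s for s in it.stories if s.security_ac_passed is not None]
    return _ratio(sum(1 for s in with_ac if s.security_ac_passed), len(with_ac))


def secure_coding_adherence(it: Iteration) -> float:
    """During the iteration: share of merged pull requests that passed secure-coding checks."""
    return _ratio(it.prs_passing_secure_coding_checks, it.prs_merged)


def security_test_pass_rate(it: Iteration) -> float:
    """During the iteration: share of security tests that passed."""
    return _ratio(it.security_tests_passed, it.security_tests_run)


def vulnerability_management(it: Iteration, as_of: date) -> Dict[str, object]:
    """After the iteration: open backlog and remediation speed of findings."""
    open_vulns = [v for v in it.vulns if v.fixed is None]
    fix_days = [(v.fixed - v.found).days for v in it.vulns if v.fixed is not None]
    return {
        "open_total": len(open_vulns),
        "open_by_severity": {sev: sum(1 for v in open_vulns if v.severity == sev) for sev in SEVERITIES},
        "open_high_or_critical": sum(1 for v in open_vulns if v.severity in ("critical", "high")),
        "mean_days_to_fix": sum(fix_days) / len(fix_days) if fix_days else 0.0,
        "oldest_open_days": max(((as_of - v.found).days for v in open_vulns), default=0),
    }


def iteration_scorecard(it: Iteration, as_of: date) -> Dict[str, object]:
    """One dict per iteration, grouped by the before/during/after phases named in the abstract."""
    return {
        "threat_model_coverage": threat_model_coverage(it),
        "security_ac_coverage": security_ac_coverage(it),
        "security_ac_pass_rate": security_ac_pass_rate(it),
        "secure_coding_adherence": secure_coding_adherence(it),
        "security_test_pass_rate": security_test_pass_rate(it),
        "vulnerability_management": vulnerability_management(it, as_of),
    }


# Assumed minimum values; a real team would set its own per-metric targets.
GATES = {
    "threat_model_coverage": 0.8,
    "security_ac_coverage": 0.8,
    "security_ac_pass_rate": 1.0,
    "secure_coding_adherence": 0.9,
    "security_test_pass_rate": 1.0,
}


def failing_gates(scorecard: Dict[str, object]) -> List[str]:
    """Names of metrics below their gate, plus a flag if high/critical findings remain open."""
    failing = [name for name, minimum in GATES.items() if scorecard[name] < minimum]
    if scorecard["vulnerability_management"]["open_high_or_critical"] > 0:
        failing.append("open_high_or_critical")
    return failing


# Constructed sample iteration (not real project data).
SAMPLE = Iteration(
    stories=[
        Story("S1", threats_identified=3, security_ac_passed=True),
        Story("S2", threats_identified=2, security_ac_passed=False),
        Story("S3", threats_identified=0, security_ac_passed=None),
        Story("S4", threats_identified=1, security_ac_passed=None),
    ],
    prs_merged=10,
    prs_passing_secure_coding_checks=8,
    security_tests_run=20,
    security_tests_passed=18,
    vulns=[
        Vulnerability("V1", "critical", date(2024, 3, 1), date(2024, 3, 3)),
        Vulnerability("V2", "medium", date(2024, 3, 2), date(2024, 3, 8)),
        Vulnerability("V3", "high", date(2024, 3, 5)),
    ],
)
AS_OF = date(2024, 3, 10)

if __name__ == "__main__":
    card = iteration_scorecard(SAMPLE, AS_OF)
    for name, value in card.items():
        print(f"{name}: {value}")
    print("failing gates:", failing_gates(card))
```

Tracking the scorecard iteration over iteration is what gives the trend the abstract asks for; the gate list turns the same numbers into a concrete retrospective item, for instance that an open high-severity finding carried past the iteration boundary should block the next release candidate.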