The evaluation of software processes is nowadays a very important issue, due to the growing interest of software companies in improving the productivity and quality of delivered products. Software measurement plays a fundamental role here. Given the great diversity of entities that are candidates for measurement in the software process improvement context (process models, projects, resources, products), this measurement must be performed in a consistent and integrated way, which in turn facilitates decision-making in process improvement. In this paper, a proposal for the integrated management of software measurement is presented. The goal is to provide companies with a generic and flexible environment for software measurement that facilitates and establishes the basis for a common and effective measurement process, and that is not restricted to only one kind of software entity or to a single quality or evaluation model. To achieve this, the proposal adopts the Model Driven Engineering philosophy and provides: a metamodel for the definition of software measurement models; a flexible method to measure any kind of software entity represented by its corresponding metamodel; and GenMETRIC, the software tool that supports the framework.
A continuous risk management process is a necessary part of any approach to software security. Software security risk includes risks found in artifacts during assurance activities, risks introduced by insufficient process, and personnel-related risks. An overall risk management framework (described here) can help make sense of software security. Note that we are explicitly teasing apart architectural risk analysis (one of the critical software security best practices) from use of the risk management framework.
A risk management framework is an essential philosophy for approaching security work. Following the risk management framework introduced here is by definition a full life-cycle activity. For the purposes of this description, consider risk management a high-level approach to iterative risk analysis that is deeply integrated throughout the software development life cycle (SDLC).
The risk management framework (RMF) described here is a condensed version of the Cigital RMF, a mature process that has been applied in the field for almost ten years. This RMF is designed to manage software-induced business risks. Through the application of five simple activities, analysts use their own technical expertise, relevant tools, and technologies to carry out a reasonable risk management approach.
The purpose of an RMF like this is to allow a consistent and repeatable expertise-driven approach to risk management. As we converge on and describe software risk management activities in a consistent manner, the basis for measurement and common metrics emerges. Such metrics are sorely needed and should allow organizations to better manage business and technical risks given particular quality goals; make more informed, objective business decisions regarding software (e.g., whether an application is ready to release); and improve internal software development processes so that they in turn better manage software risks.
Hope it'll help you.