Software Security Risk Analysis Using Fuzzy Expert System

Today, there is wide concern on the security of software systems because many organizations depend largely on them for their day-to-day operations. Since we have not seen a software system that is completely secure, there is need to analyze and determine the security risk of emerging software systems. This work presents a technique for analyzing software security using fuzzy expert system. The inputs to the system are suitable fuzzy sets representing linguistic values for software security goals of confidentiality, integrity and availability. The expert rules were constructed using the Mamdani fuzzy reasoning in order to adequately analyse the inputs. The defuzzification technique was done using Centroid technique. The implementation of the design is done usingMATLAB fuzzy logic tool because of its ability to implement fuzzy based systems. Using newly develop software products from three software development organizations as test cases, the results show a system that can be used to effectively analyze software security risk