Security is one of the non-functional characteristics of a software product However, some security activities (such as login and logout) are considered functional and hence are counted by function points (FP) according to function point analysis (FPA).

The purpose of this document is to guide users of the International Function Point Users Group (IFPUG) methods to distinguish between the functional and the non-functional aspects of software security. It contains general guidelines as to what should be considered functional and what should be considered non-functional.  It also presents case studies using the Software Non-functional Assessment Process (SNAP) methodology to size security non-functional requirements (NFRs).

The intended audience of this paper includes all levels of professionals who need to apply FPA and SNAP to measure software security requirements. Those who need to interpret and use the results of such measurements in the context of project estimating, planning and control also will find this paper of interest.

Sections 2-5 are oriented for all users.

Section 6 and following address the non-functional aspects of security and is oriented for SNAP users.

Login as a member to access this resource.

Non-Members: $20.00, purchase the publication here: https://ifpug.memberclicks.net/measuringsize