V. I. Vorobiev , R. R. Fatkieva

Nature of software code vulnerabilities is defined by structural interactions of its complex components, such as: stack overflow; embedded code; formatting faults; heap overflow; OS faults; filters circumvention; faults of phasing and tools for tracing vulnerabilities, instrumental and binary analysis. Simulation testing lets stress task of making most flexible verification process, but does not solve task of testing and leads to faults, contained almost in all software. These faults define nature of vulnerabilities in most cases in combination with natural complexity of software. Software evaluation process based on metrics for vulnerabilities estimation is suggested. Using object-oriented metrics during software development process helps to estimate efforts needed for testing and development, understandability, maintainability and reuse possibility