R. R. Fatkieva, V. V. Pometsko

Testing is an integral part of the software engineering process and as a result means a definition of a quality concept for a product current implementation. In the article an approach to the software appreciation based on the vulnerability metrics is suggested. An employment of the led in metrics is possible on the automated static testing stage and raises the quality of the product code. It is proposed to scan and analyze the program source code in accordance with characteristics of the program as the whole and as a set of a separate functions. The concepts of a syntactic unit, the metrics and the vulnerability are mathematically grounded. Leading a number of metrics aimed at the language syntactic units and the vulnerabilities using them, as a result means a reception of more exact conclusion of the program source code research. A restriction of the supposed method is that the vulnerability revelation assumes the appropriate metrics presence. As distinguished form a template scanning this method allows to implement more complete analysis of a primary symptoms of the vulnerability presence and can be described as an expansion able one.