Main Article Content
The use of software security metrics is one of the methods in measuring quantitatively the reliability of a software. These measures can be used in assessing resource allocation, program planning, risk assessment, and product or service selection. One of the commonly used measurements is the attack surface and vulnerability density. Both of these measurement methods have been widely used by several large technology companies, but determining the validity of software security measures remains a challenge in itself. A safety measure cannot measure all aspects of security and therefore the use of various measurement methods is required in some cases. This study aims to see the relationship between the measurement based on attack surface and vulnerability density by applying to several web servers that are placed in the demilitarized zone (DMZ) area, which is an area flanked by two or more firewalls.