In recent years, the security of software becomes one significant feature of software. This paper improves trustworthy software engineering through a knowledge based expert system. We propose the knowledge collection and organization method, and threats analyzing algorithm in detail which are the kernel of the expert system. The software threat information is divided into threat state and exploit, and stored in the knowledge database together with the state production and exploit production representing the relationships between threat state and exploit. The threat analysis calculates the threat degree quantitatively of an application based on this knowledge in a formal way and give security advice to mitigate threats. Our method can reduce the work of an experienced security expert which is time consuming and economic costly, therefore popularizes the trustworthy software engineering.
An Indicators-of-Risk Library for Industrial Network Security