駭客入侵、病毒攻擊與系統本身的安全漏洞持續危害正常運作的軟體系統，使得軟體系統的安全性受到嚴重的考驗。在軟體開發過程中的安全風險問題，受到技術、管理及制度等層面的衝擊，融入產品中的安全缺失不易被及時發現，因此，一旦問題浮現後，安全漏洞所造成危害與損失，將形成難以預期的危機。為此，如何運用安全風險管理降低安全漏洞與缺失，成為值得深入探究的課題。軟體開發前的安全風險評估，是降低安全風險的關鍵，適時標示出軟體開發可能發生的安全風險，才能針對安全風險提出具體的改善措施與監控作業，進而降低軟體安全風險，提昇軟體系統的安全性。本文針對技術、管理及制度等層面的安全風險因子進行探討與蒐集，且提出一套以量測為基礎的軟體安全風險改善作業(SEcurity Risk Improvement Operation; SERIO)，協助軟體開發過程中，找出潛在的安全風險，且衍生出安全風險的改善與監控作業，有效提高軟體系統的安全性。

Hacker invaded, virus attacked and system security vulnerabilities endanger normal operation of software system and cause software system security suffer serious test. The security risk issue is impacted by such aspects as the technology, management and system, etc. in software development. It is difficult to find and modify the security lacks of software system in time, so, once after the question appears, security holes and lacks may cause unexpected result. For this, how to use security risk management to reduce security hole and lack, become the subject that is worth probing into thoroughly. The security risk assessment before software development is the key to reducing security holes and lacks. Identify the security risk that software development may take place, could put forward the concrete improvement measure and control operation to the security risk, and then reduce the security risk and promote the security of the software system. This paper carries on the discussion and collects to the security risk factor of such aspects as the technology, management and system, etc. And propose a Measurement-based Improvement Operation for Software Security Risk (SEcurity Risk Improvement Operation; SERIO). Applying the SERIO to software development, can help to find out the potential security risk, derive out improvement of the security risk and control operation, and increase the security of the software system effectively.