Exploring the Impact of Security-Based Non-Functional Requirements on Early Software Size Estimation

Abstract

Software size -- often measured in the source lines of code (SLOC) -- fundamentally determines the software development effort. Realistic estimates of software size are, therefore, crucial for project planning. However, even though software size is influenced by both functional requirements (FRs) and non-functional requirements (NFRs), NFRs have been largely neglected in previous SLOC estimation studies. This study conducts an initial investigation of the impact of NFRs on early SLOC estimation by focusing on security-based NFRs related to data entry validations. First, the IFPUG software non-functional assessment process (SNAP) is used to calculate SNAP points for data entry validations (SPDEV). Then, SPDEV is used along with specially adjusted analysis class diagram (ACD) metrics to build and validate an early SLOC estimation model using an industrial dataset. Finally, the proposed model is compared with two existing size estimation models. Results indicate that our proposed model outperforms both models in terms of estimation accuracy.