Journal of Information Security Research ›› 2018, Vol. 4 ›› Issue (11): 993-996.


Risk Assessment Algorithm of Software Vulnerability Based on Sigmoid Function


  • Received: 2018-11-17   Online: 2018-11-15   Published: 2018-11-17


Wang Fan (王帆) 1,2, Hong Liu (洪流) 1,2, Gu Xin (顾欣) 1,2

  1. Software Quality Engineering Research Center, The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology (工业和信息化部电子第五研究所软件质量工程研究中心)
  2. Software Quality Engineering Research Center, The Fifth Electronics Research Institute of the Ministry of Industry and Information Technology (工业和信息化部电子第五研究所软件质量工程研究中心)
  • Corresponding author: Wang Fan (王帆)
  • About the authors: Wang Fan, M.Sc., engineer; main research interests: information security, software security, risk assessment, penetration testing, data security, personal information protection. wangfan@ceprei.com. Hong Liu, M.Sc., engineer; main research interests: third-party system evaluation, performance testing, performance tuning, software engineering practice. hongliu@ceprei.com. Gu Xin, M.Sc., engineer; main research interests: information security, blockchain. guxin@ceprei.com

Abstract: During software development, developers usually pay little attention to code security, and existing security testing and penetration testing also lack whole-system security analysis, which makes the risk of software vulnerabilities hard to control. A security vulnerability in a software product seriously affects the security of every system that includes that product. Against the background of the national network security strategy and the policy of independent, controllable basic software and hardware, and in view of the shortcomings of existing software vulnerability risk assessment, this article proposes a risk assessment algorithm for software vulnerabilities based on the Sigmoid function to evaluate the vulnerability risk of software. The algorithm helps developers quickly locate the code modules with the worst security, repair them or select more secure and higher-quality code, and thereby raise the overall security level of the software.

Key words: Sigmoid, software vulnerability, risk assessment algorithm, software security, code security
