Software security has become an increasingly important issue for information and software system. Secure vulnerabilities of software system may cause a company out of business and even destroy the social normal operation. How to improve software security becomes a critical issue in software development process. In this paper, utilizing the static program analyzer and dynamic simulation analyzer to collect metrics, proposes an Analyzer-based Software Security Measurement (ASSM) model. Applying ASSM model, the secure flaws of software system can be identified clearly. And, using a Rule-based Software Security Improvement (RSSI) operation to control and improve security defects and security vulnerability of software system. The security risk of software system can be reduced efficiently.