The proportion of software in UAVs has increased rapidly in recent years. However, it is becoming increasingly difficult to secure the avionic software against security threats. There are no airworthiness certification criteria for the security as well as the safety of UAVs. Therefore, it will be necessary to study on the airworthiness certification criteria and methodology for the safety and security of UAVs, considering the recent trend of the increase in the use of UAVs. The integrated airworthiness certification criteria for safety and security in avionic software to save time and cost were most recently proposed. This paper introduces the comparison between CC, DO-178C, and airworthiness security activities. It also presents the quantitative risk assessment method that is capable of analyzing vulnerabilities and assesses risks quantitatively using the case of security threats to the avionic software of UAVs. It derives the security objectives and requirements for UAVs’ avionic software based on the result of the security risk assessment. Finally, this paper proves the effectiveness of the risk assessment methods by applying them to real case of UAVs.