Software security measurement based on information entropy and attack surface
ZHANG Xuan, LIAO Hongzhi, LI Tong, XU Jing, ZHANG Qianru, QIAN Ye
Journal of Computer Applications    2013, 33 (01): 19-22.   DOI: 10.3724/SP.J.1087.2013.00019
Software security measurement is critical to the development of software and the improvement of software security. Based on entropy and the attack surface proposed by Manadhata et al. (MANADHATA P K, TAN K M C, MAXION R A, et al. An approach to measuring a system's attack surface, CMU-CS-07-146. Pittsburgh: Carnegie Mellon University, 2007; MANADHATA P K, WING J M. An attack surface metric. IEEE Transactions on Software Engineering, 2011, 37(3): 371-386), a method of software security measurement was used to assess the threat to the software's resources and to provide a threat weight for each of these resources. Based on the threat weight, the attack surface metric was calculated to determine whether a software product is secure in design, or in which aspects the software product can be improved. The method is demonstrated in a case study, which shows that, when the method is used, probable security threats can be found as early as possible, preventing the production of software products that may have vulnerabilities, and that the directions for improving software security are pointed out clearly.