Abstract: Security upgrading is possible with the help of security attributes, security metrics and models. Unifying attributes, metrics models and tools a security estimation life cycle has been proposed in this study. Security estimation is needed to identify and mitigate security threats, holes and attacks. In absence of any standard framework or model to estimate software security, it appears worthwhile proposing a methodology to predict software security early in the development life cycle. It has been observed that security estimation at early stage of development life cycle assist developer to mitigate vulnerability and to produce highly secured software. In addition, early detection of vulnerabilities, threats, worms and attacks reduces cost, time and rework. The proposed lifecycle is yet to be implemented in order to analyze the tryout data and to verify the effectiveness.