Article Details

醒吾學報

Title: A Component-based Architecture for Software Vulnerability Management
Volume/Issue: 49
Parallel title: 以元件為基架構之軟體漏洞管理系統構建
Author: 劉家驊
Pages: 139-148
Keywords: Software vulnerability; Component-based architecture; Secure software; Knowledge base
Publication date: 201401

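Chinese Abstract

In recent years, many networked application information systems have repeatedly come under attack because of software vulnerabilities, and the presence of these software defects often has a serious impact on the functioning of information infrastructure. How to identify, classify, correct and remove these software vulnerabilities has therefore become an important issue in improving the quality of software systems. A software vulnerability is essentially a system design flaw or weakness in a networked information system that hackers can exploit to damage the software system, intercept the confidentiality of its contents and access its information. Collecting and analyzing the types of vulnerabilities first, and then using appropriate system tools to identify and remove them, is the prerequisite for effectively improving the security of these systems. Component-based architecture is an approach to software system development that interacts easily with the system and its surrounding components and can be reused to provide corrections for practical requirements. This study therefore adopts a component-based architecture to build a prototype software vulnerability management system. It mainly uses a pre-built knowledge base of vulnerability attributes, combined with software vulnerability inference rules, to analyze the attributes that make up a vulnerability, which makes it possible to determine the cause of the vulnerability and further to explain methods for handling or improving it. Because a component-based architecture can handle the functions of various software applications separately and offers sharing and reuse in new systems, system simulation tests verified that many software vulnerabilities and their feasible treatments are effective, which will help reduce software risk in the future.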

English Abstract

Recently, software systems used increasingly in different web applications have been threatened and attacked because of security vulnerabilities, which seriously impacts the existing information infrastructure. Thus, how to identify, classify, remediate and mitigate software vulnerabilities has been referred to as an important step in improving the assurance of software systems. Basically, vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of that software or the data it processes. Thus, to secure the software, it is necessary to collect all the related vulnerabilities in a system before identifying and removing them. Components in software development are expected to exhibit certain behaviors and characteristics that let them interact with their environment and other components, and these attributes fulfill the cyclical practice requirements of vulnerability management. Therefore, this paper presents the use of a component-based strategy to create a comprehensive software vulnerability management system (CBASVMS). The system embeds a vulnerability rule base for reasoning about vulnerability attributes and a vulnerability knowledge base of possible settlement methods, both of which are explained. The component representation allows separation of concerns across the wide-ranging functionality available for software applications, with the advantages of sharing with other applications and reusability in new systems, and it characterizes the knowledge of a domain for vulnerability settlement. According to the prototyping test, the CBASVMS is suitable for application in various types of software security service. The process of identifying and remediating software vulnerabilities based on the associated costs and benefits will improve the handling of security breaches and, meanwhile, reduce the impact or likelihood of security risk in the future.

Related Literature