Increasing use of Component Based Software Engineering (CBSE) has raised the issues related with the security of software components. Several methodologies are being used to evaluate security of software components and that of the base system with which it is integrated. Security characteristics of a component must be specified effectively and unambiguously. To make possible software development progression, it will be effective to have a method which evaluates the security of software components. The study presented here attempts to propose analytic network process (ANP) for component security evaluation. The method is applied using ISO/IEC 27002 (ISO 27002) standard.