Despite the obvious advantages of biometric authentication systems over traditional security ones (based on tokens or passwords), they are vulnerable to attacks which may considerably decrease their security. In order to contribute in resolving such problematic, we propose a modality-independent evaluation methodology for the security evaluation of biometric systems. It is based on the use of a database of common threats and vulnerabilities of biometric systems, and the notion of risk factor. The proposed methodology produces a security index which characterizes the overall security level of biometric systems. We have applied it on two different biometric systems (one research laboratory implementation of keystroke dynamics and a commercial system for physical access control using fingerprints) for clarifying its benefits.