Modeling the vulnerability discovery process

Cited by: 58
Authors
Alhazmi, O. H. [1]
Malaiya, Y. K. [1]
Affiliation
[1] Colorado State Univ, Dept Comp Sci, Ft Collins, CO 80523 USA
DOI
10.1109/ISSRE.2005.30
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both software developers and users are struggling to contain the risk posed by these vulnerabilities. The vulnerabilities are discovered by both developers and external testers throughout the life-span of a software system. A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems. The applicability of the proposed models and significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified.
Pages: 129-138
Number of pages: 10
Related papers
50 in total
  • [1] Modeling Software Vulnerability Discovery Process Inculcating the Impact of Reporters
    Adarsh Anand
    Navneet Bhatt
    Omar H. Alhazmi
    Information Systems Frontiers, 2021, 23 : 709 - 722
  • [2] Modeling vulnerability discovery process in Apache and IIS HTTP servers
    Woo, Sung-Whan
    Joh, HyunChul
    Alhazmi, Omar H.
    Malaiya, Yashwant K.
    COMPUTERS & SECURITY, 2011, 30 (01) : 50 - 62
  • [3] Modeling Software Vulnerability Discovery Process Inculcating the Impact of Reporters
    Anand, Adarsh
    Bhatt, Navneet
    Alhazmi, Omar H.
    INFORMATION SYSTEMS FRONTIERS, 2021, 23 (03) : 709 - 722
  • [4] Modeling Skewness in Vulnerability Discovery
    Joh, HyunChul
    Malaiya, Yashwant K.
    QUALITY AND RELIABILITY ENGINEERING INTERNATIONAL, 2014, 30 (08) : 1445 - 1459
  • [5] Seasonal Variation in the Vulnerability Discovery Process
    Joh, HyunChul
    Malaiya, Yashwant K.
    SECOND INTERNATIONAL CONFERENCE ON SOFTWARE TESTING, VERIFICATION, AND VALIDATION, PROCEEDINGS, 2009, : 191 - 200
  • [6] Effort and Coverage Dependent Vulnerability Discovery Modeling
    Kansal, Yogita
    Kapur, P. K.
    Kumar, Uday
    Kumar, Deepak
    2017 2ND INTERNATIONAL CONFERENCE ON TELECOMMUNICATION AND NETWORKS (TEL-NET), 2017, : 329 - 334
  • [7] Modeling Vulnerability Discovery and Patching with Fixing Lag
    Shrivastava, A. K.
    Sharma, Ruchi
    ADVANCED INFORMATICS FOR COMPUTING RESEARCH, PT II, 2019, 956 : 569 - 578
  • [8] Change Point Modelling in the Vulnerability Discovery Process
    Sharma, Ruchi
    Sibal, Ritu
    Sabharwal, Sangeeta
    ADVANCED INFORMATICS FOR COMPUTING RESEARCH, PT II, 2019, 956 : 559 - 568
  • [9] An analysis of the vulnerability discovery process in web browsers
    Woo, Sung-Whan
    Alhazmi, Omar H.
    Malaiya, Yashwant K.
    PROCEEDINGS OF THE 10TH IASTED INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND APPLICATIONS, 2006, : 172 - +
  • [10] A Comparative Study of Vulnerability Discovery Modeling and Software Reliability Growth Modeling
    Kapur, P. K.
    Yadavali, V. S. S.
    Shrivastava, A. K.
    2015 1ST INTERNATIONAL CONFERENCE ON FUTURISTIC TRENDS ON COMPUTATIONAL ANALYSIS AND KNOWLEDGE MANAGEMENT (ABLAZE), 2015, : 246 - 251