Abstract

A software vulnerability is defined as a flaw that exists in computer resources or control that can be exploited by one or more threats. Vulnerabilities are discovered throughout the entire life cycle of the software. In this paper, we examine existing vulnerability models in this subject area and propose a new time-based differential equation model. Our proposed model is based on the assumption that vulnerability saturation is a local phenomenon that possesses an increasing cyclic behaviour within the software vulnerability life cycle. Daily vulnerability data is extracted from the National Vulnerability Database (NVD) to obtain a cumulative quarterly vulnerability data set for three operating systems: Mac OS X, Windows 7, and Linux Kernel. When we apply the proposed model to this data, we find that it performs significantly better than existing models in terms of fitting and prediction capabilities.
