Abstract

Security researchers are applying software reliability models to vulnerability data, in an attempt to model the vulnerability discovery process. I show that most current work on these vulnerability discovery models (VDMs) is theoretically unsound. I propose a standard set of definitions relevant to measuring characteristics of vulnerabilities and their discovery process. I then describe the theoretical requirements of VDMs and highlight the shortcomings of existing work, particularly the assumption that vulnerability discovery is an independent process.
