Abstract

With software security assurance now an integral part of developing code-based systems, software developers rely on vulnerability discovery models to mitigate breaches by estimating the total number of vulnerabilities before they are exploited by intruders. Vulnerability Discovery Models (VDMs) provide a quantitative characterization of the flaws present in a software product that will be discovered after the software is released. In this paper, we develop a vulnerability discovery model that accumulates vulnerabilities discovered under the influence of previously discovered vulnerabilities. We further evaluate the proportion of previously discovered vulnerabilities along with the fraction of additional vulnerabilities detected. The quantification methodology presented in this article is accompanied by an empirical illustration on vulnerability data from popular operating systems.

Highlights

  • Despite the progress made in computer programming and in software engineering practice, almost all the software programs we use in our day-to-day lives still contain numerous bugs

  • On the basis of the degree to which an individual vulnerability is discovered in the software, the developer can categorize that vulnerability using the Common Vulnerability Scoring System (CVSS)

  • The categorization procedure is suggested by FIRST as an effort to offer a vendor-independent scoring system; it reports a CVSS-based vulnerability distribution that catalogs vulnerabilities by type


Summary

Introduction

Despite the progress made in computer programming and in software engineering practice, almost all the software programs we use in our day-to-day lives still contain numerous bugs. Needham (2002) and Alhazmi and Malaiya (2005) argued that the difference in fit of the Anderson Thermodynamic (AT) model is due to sociological factors: the decrease in the vulnerability discovery rate can be attributed to a software version losing attractiveness over time rather than to increasing difficulty in discovering vulnerabilities (Massacci and Nguyen, 2014). Alhazmi and Malaiya (2005) proposed a logistic, S-shaped model to capture this phenomenon, considering the impact of the vulnerability detection rate during the three phases.

2. Model Development

The vulnerability discovery model suggested by Alhazmi and Malaiya (2005) considered the impact of two factors that govern the rate of change of discovered vulnerabilities. The parameter estimates and comparison criteria of the two models are given in Tables 1 and 2 respectively.
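As an added illustration that is not part of the paper, the following Python code implements the logistic Alhazmi-Malaiya (AML) model referenced above in its closed form Ω(t) = B / (B·C·e^(-ABt) + 1), locates the inflection point that separates the learning phase from the linear phase, estimates the vulnerabilities still undiscovered at a given time, and fits the parameters to constructed monthly counts by a grid search. The parameter values and the OBSERVED series are constructed, not the paper's data.

```python
import math

# Alhazmi-Malaiya Logistic (AML) vulnerability discovery model, used here as an
# added illustration. Omega(t) solves dOmega/dt = A * Omega * (B - Omega):
#   Omega(t) = B / (B * C * exp(-A * B * t) + 1)
# B = total vulnerabilities expected, A = rate coefficient, C fixes Omega(0).

def aml_cumulative(t, A, B, C):
    """Cumulative vulnerabilities discovered by time t (months since release)."""
    return B / (B * C * math.exp(-A * B * t) + 1.0)

def aml_rate(t, A, B, C):
    """Instantaneous discovery rate dOmega/dt at time t."""
    omega = aml_cumulative(t, A, B, C)
    return A * omega * (B - omega)

def peak_rate_time(A, B, C):
    """Inflection point (Omega = B/2) where the rate peaks: the boundary between
    the learning phase and the linear phase; saturation follows as Omega -> B."""
    return math.log(B * C) / (A * B)

def remaining(t, A, B, C):
    """Estimated vulnerabilities still undiscovered at time t."""
    return B - aml_cumulative(t, A, B, C)

def fit_aml(observations, A_grid, B_grid, C_grid):
    """Least-squares grid search over (A, B, C) for (t, cumulative_count) pairs.
    Returns (sse, A, B, C) for the best grid point."""
    best = None
    for A in A_grid:
        for B in B_grid:
            for C in C_grid:
                sse = sum((aml_cumulative(t, A, B, C) - y) ** 2 for t, y in observations)
                if best is None or sse < best[0]:
                    best = (sse, A, B, C)
    return best

# Constructed sample data (not from the paper): monthly cumulative counts for a
# hypothetical OS release, generated from A=0.002, B=120, C=0.5 and rounded.
OBSERVED = [(0, 2), (6, 8), (12, 27), (18, 67), (24, 101), (30, 115), (36, 119)]

if __name__ == "__main__":
    sse, A, B, C = fit_aml(OBSERVED, [0.001, 0.002, 0.003], [100, 120, 140], [0.25, 0.5, 1.0])
    print(f"fit A={A} B={B} C={C} sse={sse:.2f}")
    print(f"peak discovery rate at t={peak_rate_time(A, B, C):.1f} months")
    print(f"expected undiscovered at t=36: {remaining(36, A, B, C):.1f}")
```

The fitted B is the model's estimate of the total vulnerabilities the release will eventually yield, so B minus the count discovered so far is the exposure a defender still has to plan for.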
