Abstract
The recent rapid advancement in technology has affected the security of software products. Threats and cyber-attacks are intensifying both in number and in complexity. Therefore, software systems require protection against threats and vulnerabilities. Defects in the software that affect the security of the software system are called vulnerabilities. It is essential for vendors to rigorously identify and remove vulnerabilities present in the system. This chapter aims to explain the vulnerability discovery and patching process mathematically. A patch is a security update released by software developers to eliminate vulnerabilities from the system. Quantitative measures are discussed in the present study to predict the vulnerability discovery growth function by incorporating various attributes, namely, software users, operational effort, and coverage functions. A joint optimization problem for the optimal software and patch time-to-market is also discussed, with the aim of minimizing the cost functions. Numerical examples are provided to validate the mathematical models and the minimization problem using actual vulnerability data sets. The results indicate that the discussed models can objectively determine the vulnerability discovery paradigm. Moreover, the optimization models will assist the management team in optimal decision making pertaining to the release time of the software and the security patch in the market.