• DocumentCode
    2587673
  • Title

    Modeling the vulnerability discovery process

  • Author

    Alhazmi, O.H. ; Malaiya, Y.K.

  • Author_Institution
    Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO
  • fYear
    2005
  • fDate
    1-1 Nov. 2005
  • Lastpage
    138
  • Abstract
    Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both software developers and users are struggling to contain the risk posed by these vulnerabilities. The vulnerabilities are discovered by both developers and external testers throughout the life-span of a software system. A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems. The applicability of the proposed models and significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified.
  • Keywords
    program testing; resource allocation; security of data; software fault tolerance; operating systems; patch development; resource allocation; security vulnerability; servers; software defects; vulnerability discovery process modeling; Computer science; Computer security; Investments; Life testing; Operating systems; Resource management; Software reliability; Software systems; Software testing; System testing
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Reliability Engineering, 2005. ISSRE 2005. 16th IEEE International Symposium on
  • Conference_Location
    Chicago, IL
  • ISSN
    1071-9458
  • Print_ISBN
    0-7695-2482-6
  • Type

    conf

  • DOI
    10.1109/ISSRE.2005.30
  • Filename
    1544728