Title :
Modeling the vulnerability discovery process
Author :
Alhazmi, O.H. ; Malaiya, Y.K.
Author_Institution :
Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO
Abstract :
Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both software developers and users are struggling to contain the risk posed by these vulnerabilities. The vulnerabilities are discovered by both developers and external testers throughout the life-span of a software system. A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems. The applicability of the proposed models and significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified
Keywords :
program testing; resource allocation; security of data; software fault tolerance; operating systems; patch development; resource allocation; security vulnerability; servers; software defects; vulnerability discovery process modeling; Computer science; Computer security; Investments; Life testing; Operating systems; Resource management; Software reliability; Software systems; Software testing; System testing;
Conference_Titel :
Software Reliability Engineering, 2005. ISSRE 2005. 16th IEEE International Symposium on
Conference_Location :
Chicago, IL
Print_ISBN :
0-7695-2482-6
DOI :
10.1109/ISSRE.2005.30
