Software security evaluation using multilevel vulnerability discovery modeling

Times cited: 1
Authors
Sharma, Ruchi [1]
Shrivastava, Avinash K. [1]
Hoang Pham [2]
Affiliations
[1] Int Management Inst, Dept MIS & Analyt, Kolkata, W Bengal, India
[2] State Univ New Jersey, Dept Ind & Syst Engn, Piscataway, NJ USA
Keywords
Modeling; risk assessment; severity; software security; vulnerability; SEVERITY; SYSTEMS;
DOI
10.1080/08982112.2022.2132404
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0-10 as per the widely accepted Common Vulnerability Scoring System. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on a real-life dataset to validate the proposed model.
Pages: 341 - 352
Number of pages: 12
Related papers
50 in total
  • [1] Measuring and Modeling Software Vulnerability Security Advisory Platforms
    Miranda, Lucas
    Vieira, Daniel
    Nogueira, Mateus
    Ventura, Leonardo
    Bicudo, Miguel
    Martins, Matheus
    Senos, Lucas
    De Aguiar, Leandro P.
    Lovat, Enrico
    Menasche, Daniel
    RISKS AND SECURITY OF INTERNET AND SYSTEMS (CRISIS 2020), 2021, 12528 : 31 - 48
  • [2] A Comparative Study of Vulnerability Discovery Modeling and Software Reliability Growth Modeling
    Kapur, P. K.
    Yadavali, V. S. S.
    Shrivastava, A. K.
    2015 1ST INTERNATIONAL CONFERENCE ON FUTURISTIC TRENDS ON COMPUTATIONAL ANALYSIS AND KNOWLEDGE MANAGEMENT (ABLAZE), 2015, : 246 - 251
  • [3] Modeling Software Vulnerability Discovery Process Inculcating the Impact of Reporters
    Adarsh Anand
    Navneet Bhatt
    Omar H. Alhazmi
    Information Systems Frontiers, 2021, 23 : 709 - 722
  • [4] Modeling Software Vulnerability Discovery Process Inculcating the Impact of Reporters
    Anand, Adarsh
    Bhatt, Navneet
    Alhazmi, Omar H.
    INFORMATION SYSTEMS FRONTIERS, 2021, 23 (03) : 709 - 722
  • [5] Modeling discovery and removal of security vulnerabilities in software system using priority queueing models
    Lim, Dae-Eun
    Kim, Tae-Sung
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2014, 10 (02) : 109 - 114
  • [6] CLORIFI: software vulnerability discovery using code clone verification
    Li, Hongzhe
    Kwon, Hyuckmin
    Kwon, Jonghoon
    Lee, Heejo
    CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2016, 28 (06) : 1900 - 1917
  • [7] Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles
    Okamura, Hiroyuki
    Tokuzane, Masataka
    Dohi, Tadashi
    2012 WORKSHOP ON DEPENDABLE TRANSPORTATION SYSTEMS/RECENT ADVANCES IN SOFTWARE DEPENDABILITY (WDTS-RASD 2012), 2012, : 39 - 44
  • [8] Survey of Software Vulnerability Discovery Technology
    Wang, Wei
    PROCEEDINGS OF THE 2017 7TH INTERNATIONAL CONFERENCE ON SOCIAL NETWORK, COMMUNICATION AND EDUCATION (SNCE 2017), 2017, 82 : 9 - 13
  • [9] Software Vulnerability Discovery Techniques: A Survey
    Liu, Bingchang
    Shi, Liang
    Cai, Zhuhua
    Li, Min
    2012 FOURTH INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY (MINES 2012), 2012, : 152 - 156
  • [10] Software Vulnerability and Application Security Risk
    Peng, Jianping
    Guo, Meiwen
    Quan, Jing
    INFORMATION RESOURCES MANAGEMENT JOURNAL, 2019, 32 (01) : 48 - 57