Software security evaluation using multilevel vulnerability discovery modeling

Cited by: 1
Authors
Sharma, Ruchi [1]
Shrivastava, Avinash K. [1]
Hoang Pham [2]
Affiliations
[1] Int Management Inst, Dept MIS & Analyt, Kolkata, W Bengal, India
[2] State Univ New Jersey, Dept Ind & Syst Engn, Piscataway, NJ USA
Keywords
Modeling; risk assessment; severity; software security; vulnerability; SEVERITY; SYSTEMS;
DOI
10.1080/08982112.2022.2132404
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08;
Abstract
In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0-10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on a real-life dataset to validate the proposed model.
Pages: 341-352
Page count: 12