Software security evaluation using multilevel vulnerability discovery modeling

Cited by: 1
Authors
Sharma, Ruchi [1 ]
Shrivastava, Avinash K. [1 ]
Hoang Pham [2 ]
Affiliations
[1] Int Management Inst, Dept MIS & Analyt, Kolkata, W Bengal, India
[2] State Univ New Jersey, Dept Ind & Syst Engn, Piscataway, NJ USA
Keywords
Modeling; risk assessment; severity; software security; vulnerability; SEVERITY; SYSTEMS;
DOI
10.1080/08982112.2022.2132404
Chinese Library Classification number
T [Industrial Technology];
Discipline classification code
08 ;
Abstract
In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0-10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on a real-life dataset to validate the proposed model.
Pages: 341 - 352
Number of pages: 12