Vulnerability Discovery in Open- and Closed-Source Software: A New Paradigm

For assisting the developers in process of software development, vulnerability discovery models were developed by researchers which helped in discovering the vulnerabilities with time. These models facilitate the developers in patch management while providing assistance in optimal resource allocation and assessing associated security risks. Among the existing models for vulnerability discovery, Alhazmi-Malaiya logistic model is considered the best-fitted model on all kinds of datasets owing to its ability to capture s-shaped nature of the curves. But, it has the limitation of dependence on shape of dataset. We have proposed a new model that is shape-independent accounting for better goodness of fit as compared to the earlier VDM. The proposed model and Alhazmi-Malaiya logistic model for vulnerability discovery has been evaluated on three real-life datasets each for open-and closed-source software, and the results are presented toward the end of the paper.