Handbook of software reliability engineering
Software Reliability Engineered Testing
A Trend Analysis of Exploitations
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Is Finding Security Holes a Good Idea?
IEEE Security and Privacy
Timing the Application of Security Patches for Optimal Uptime
LISA '02 Proceedings of the 16th USENIX conference on System administration
Modeling the Vulnerability Discovery Process
ISSRE '05 Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering
Assessing Vulnerabilities in Apache and IIS HTTP Servers
DASC '06 Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing
ISSRE '06 Proceedings of the 17th International Symposium on Software Reliability Engineering
Hyper-Erlang Software Reliability Model
PRDC '08 Proceedings of the 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing
Security Patch Management: Share the Burden or Share the Damage?
Management Science
Proceedings of the 33rd International Conference on Software Engineering
This paper proposes a patch management model with non-homogeneous vulnerability-discovery processes to find the optimal security patch release times. The proposed model extends that of Cavusoglu et al. (2006, 2008) by applying non-homogeneous vulnerability-discovery processes based on a vulnerability life-cycle model, and it provides the optimal schedule for security patch release times over a software life cycle by means of cost analysis. In numerical examples, we show that the optimal patch release policy becomes an aperiodic release strategy, and we compare the minimum cost under the optimal policy with that under a periodic release strategy. In addition, based on open vulnerability data, we illustrate the optimal security patch release policy for a real software product.