To evaluate security in the context of software reliability engineering, it is necessary to analyse security problems, actual exploits, and the relationship between them with an understanding of the operational behaviour of the system. This can be done in terms of the effort involved in security exploits and through classic reliability factors such as calendar time, in-service time, etc. Existing studies focus primarily on security problems and security exploits; less attention has been given to the relationship between security problems and security exploits. We present an analysis and classification of 43,710 vulnerabilities from the Open Source National Vulnerability Database and of vulnerabilities for two specific products, Bugzilla and FEDORA. About 35% of the published vulnerabilities have been exploited. 34% of the vulnerabilities are disclosed as a result of an exploit, and only 1.3% have been exploited after being publicly disclosed. We investigate a unifying approach to understanding security as a component of reliability. We focus on the disclosure and exploitation of security problems with respect to calendar time and in-service time, and on the impact of such exploits on the process of correcting the security problems, and we discuss our approach using the collected data.