Improving vulnerability discovery models
Proceedings of the 2007 ACM workshop on Quality of protection
Impact of inheritance on vulnerability propagation at design phase
ACM SIGSOFT Software Engineering Notes
Optimal security patch release timing under non-homogeneous vulnerability-discovery processes
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Towards a unifying approach in understanding security problems
ISSRE'09 Proceedings of the 20th IEEE international conference on software reliability engineering
Which is the right source for vulnerability studies?: an empirical analysis on Mozilla Firefox
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Proceedings of the 26th Annual Computer Security Applications Conference
After-life vulnerabilities: a study on firefox evolution, its vulnerabilities, and fixes
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Objective Risk Evaluation for Automated Security Management
Journal of Network and Systems Management
An idea of an independent validation of vulnerability discovery models
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
OSDC: adapting ODC for developing more secure software
Proceedings of the 28th Annual ACM Symposium on Applied Computing
A Formal Framework for Patch Management
International Journal of Interdisciplinary Telecommunications and Networking
Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both software developers and users are struggling to contain the risk posed by these vulnerabilities. Vulnerabilities are discovered by both developers and external testers throughout the lifespan of a software system. A few models for the vulnerability discovery process have recently been published. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely used systems. The applicability of the proposed models and the significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified.