Modeling the Vulnerability Discovery Process

Chicago, Illinois November 08-November 11

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ISSRE.2005.30

16th IEEE International Symposium on ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by O. H. Alhazmi Articles by Y. K. Malaiya

	ASCII Text	x
	O. H. Alhazmi, Y. K. Malaiya, "Modeling the Vulnerability Discovery Process," Software Reliability Engineering, International Symposium on, pp. 129-138, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05), 2005.

	BibTex	x
	@article{ 10.1109/ISSRE.2005.30, author = {O. H. Alhazmi and Y. K. Malaiya}, title = {Modeling the Vulnerability Discovery Process}, journal ={Software Reliability Engineering, International Symposium on}, volume = {0}, year = {2005}, issn = {1071-9458}, pages = {129-138}, doi = {http://doi.ieeecomputersociety.org/10.1109/ISSRE.2005.30}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Software Reliability Engineering, International Symposium on TI - Modeling the Vulnerability Discovery Process SN - 1071-9458 SP129 EP138 A1 - O. H. Alhazmi, A1 - Y. K. Malaiya, PY - 2005 KW - null VL - 0 JA - Software Reliability Engineering, International Symposium on ER -

O. H. Alhazmi, Colorado State University

Y. K. Malaiya, Colorado State University

Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both software developers and users are struggling to contain the risk posed by these vulnerabilities. The vulnerabilities are discovered by both developers and external testers throughout the life-span of a software system. A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery process. The models are examined both analytically and using actual data on vulnerabilities discovered in three widely-used systems. The applicability of the proposed models and significance of the parameters involved are discussed. The limitations of the proposed models are examined and major research challenges are identified.

Citation:

O. H. Alhazmi, Y. K. Malaiya, "Modeling the Vulnerability Discovery Process," issre, pp.129-138, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.