Welcome to the InfoSci Platform
Reference Hub7
Vulnerability Discovery Modeling for Open and Closed Source Software

Vulnerability Discovery Modeling for Open and Closed Source Software

Ruchi Sharma, Ritu Sibal, A.K. Shrivastava
Copyright: © 2016 |Volume: 7 |Issue: 4 |Pages: 20
ISSN: 1947-3036|EISSN: 1947-3044|EISBN13: 9781466691971|DOI: 10.4018/IJSSE.2016100102
Cite Article Cite Article

MLA

Sharma, Ruchi, et al. "Vulnerability Discovery Modeling for Open and Closed Source Software." IJSSE vol.7, no.4 2016: pp.19-38. http://doi.org/10.4018/IJSSE.2016100102

APA

Sharma, R., Sibal, R., & Shrivastava, A. (2016). Vulnerability Discovery Modeling for Open and Closed Source Software. International Journal of Secure Software Engineering (IJSSE), 7(4), 19-38. http://doi.org/10.4018/IJSSE.2016100102

Chicago

Sharma, Ruchi, Ritu Sibal, and A.K. Shrivastava. "Vulnerability Discovery Modeling for Open and Closed Source Software," International Journal of Secure Software Engineering (IJSSE) 7, no.4: 19-38. http://doi.org/10.4018/IJSSE.2016100102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

With growing concern for security, the researchers began with the quantitative modeling of vulnerabilities termed as vulnerability discovery models (VDM). These models aim at finding the trend of vulnerability discovery with time and facilitate the developers in patch management, optimal resource allocation and assessing associated security risks. Among the existing models for vulnerability discovery, Alhazmi-Malaiya Logistic Model (AML) is considered the best fitted model on all kinds of datasets. But, each of the existing models has a predefined basic shape and can only fit datasets following their basic shapes. Thus, shape of the dataset forms the decisive parameter for model selection. In this paper, the authors have proposed a new model to capture a wide variety of datasets irrespective of their shape accounting for better goodness of fit. The proposed model has been evaluated on three real life datasets each for open and closed source software and the models are ranked based on their suitability to discover vulnerabilities using normalized criteria distance (NCD) technique.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.