{"title":"Predicting vulnerability discovery rate using past versions of a software","authors":"Fok Kar Wai, Wee-Yong Lim, D. Divakaran, V. Thing","doi":"10.1109/SOLI.2018.8476753","DOIUrl":null,"url":null,"abstract":"A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.","PeriodicalId":424115,"journal":{"name":"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SOLI.2018.8476753","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
