{"title":"Software security evaluation using multilevel vulnerability discovery modeling","authors":"Ruchi Sharma, A. Shrivastava, H. Pham","doi":"10.1080/08982112.2022.2132404","DOIUrl":null,"url":null,"abstract":"Abstract In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on real-life dataset to validate the proposed model.","PeriodicalId":20846,"journal":{"name":"Quality Engineering","volume":"35 1","pages":"341 - 352"},"PeriodicalIF":1.3000,"publicationDate":"2022-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Quality Engineering","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1080/08982112.2022.2132404","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}
引用次数: 0
Abstract
Abstract In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on real-life dataset to validate the proposed model.
期刊介绍:
Quality Engineering aims to promote a rich exchange among the quality engineering community by publishing papers that describe new engineering methods ready for immediate industrial application or examples of techniques uniquely employed.
You are invited to submit manuscripts and application experiences that explore:
Experimental engineering design and analysis
Measurement system analysis in engineering
Engineering process modelling
Product and process optimization in engineering
Quality control and process monitoring in engineering
Engineering regression
Reliability in engineering
Response surface methodology in engineering
Robust engineering parameter design
Six Sigma method enhancement in engineering
Statistical engineering
Engineering test and evaluation techniques.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
