使用软件的过去版本预测漏洞发现率

2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI) Pub Date : 2018-07-01 DOI:10.1109/SOLI.2018.8476753

Fok Kar Wai, Wee-Yong Lim, D. Divakaran, V. Thing

{"title":"使用软件的过去版本预测漏洞发现率","authors":"Fok Kar Wai, Wee-Yong Lim, D. Divakaran, V. Thing","doi":"10.1109/SOLI.2018.8476753","DOIUrl":null,"url":null,"abstract":"A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.","PeriodicalId":424115,"journal":{"name":"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Predicting vulnerability discovery rate using past versions of a software\",\"authors\":\"Fok Kar Wai, Wee-Yong Lim, D. Divakaran, V. Thing\",\"doi\":\"10.1109/SOLI.2018.8476753\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.\",\"PeriodicalId\":424115,\"journal\":{\"name\":\"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SOLI.2018.8476753\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SOLI.2018.8476753","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

漏洞发现模型(VDM)描述一个软件在一段时间内的安全漏洞数量。针对不同软件生命周期不同阶段的漏洞发现趋势特征，提出了几种模型。这样的模型可以通过预测软件的数量和漏洞发现的趋势来帮助评估软件的风险。然而，现有的工作是在调查使用这种vdm来预测其漏洞发现趋势时独立检查软件。在这项工作中，我们提出了两种算法——meanfit和TrendFit——利用当前软件过去版本的漏洞发现数据来帮助构建其漏洞发现模型。实验结果表明，在当前软件数据有限的情况下，该算法具有一定的优点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Predicting vulnerability discovery rate using past versions of a software

A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)

自引率

0.00%

发文量