CCS
2007
ACM

Improving vulnerability discovery models

Security researchers are applying software reliability models to vulnerability data, in an attempt to model the vulnerability discovery process. I show that most current work on these vulnerability discovery models (VDMs) is theoretically unsound. I propose a standard set of definitions relevant to measuring characteristics of vulnerabilities and their discovery process. I then describe the theoretical requirements of VDMs and highlight the shortcomings of existing work, particularly the assumption that vulnerability discovery is an independent process.

Categories and Subject Descriptors: D.2.8 [Software Engineering]: Metrics—product metrics, security metrics; G.3 [Probability and Statistics]: reliability and life testing

General Terms: Security, Reliability, Measurement

Keywords: security metrics, vulnerability discovery models, measuring software security, measuring vulnerabilities

∗This work is sponsored by the I3P under Air Force Contract FA8721-05-0002. Opinions, interpretati...
Andy Ozment
Type Conference
Year 2007
Where CCS
Authors Andy Ozment