
2023 | OriginalPaper | Book chapter

24. Vulnerability Discovery Analysis in Software Reliability and Related Optimization Problems

Authors: P. K. Kapur, Saurabh Panwar

Published in: Springer Handbook of Engineering Statistics

Publisher: Springer London


Abstract

The recent rapid advancement in technology has affected the security of software products. Threats and cyber-attacks are intensifying both in number and in complexity. Therefore, software systems require protection against threats and vulnerabilities. When defects in the software have an effect on the security of the software system, these defects are called vulnerabilities. It is essential for vendors to rigorously identify and remove the vulnerabilities present in the system. This chapter aims to explain the vulnerability discovery and patching process mathematically. A patch is a security update released by software developers to eliminate vulnerabilities from the system. Quantitative measures are discussed in the present study to predict the vulnerability discovery growth function by incorporating various attributes, namely, software users, operational effort, and coverage functions. A joint optimization problem for the optimal software and patch time-to-market is also discussed, with the aim of minimizing the cost functions. Numerical examples are provided to validate the mathematical models and the minimization problem using actual vulnerability data sets. The results indicate that the discussed models can objectively determine the vulnerability discovery paradigm. Moreover, the optimization models will assist the management team in optimal decision making pertaining to the release time of the software and of the security patch in the market.
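The abstract describes two pieces of the chapter's approach: a growth function for cumulative vulnerability discovery, and a cost minimization that picks a release or patch time from it. The following added example (not the chapter's own models, data or code) illustrates that workflow with a stand-in: the well-known logistic (Alhazmi-Malaiya form) discovery curve Ω(t) = B / (1 + C·e^(−r·t)), fitted by least squares to a constructed series of cumulative counts, and a generic release-time cost made of per-unit-time testing cost, cost per vulnerability fixed before release, and a higher cost per vulnerability found in the field. All parameter values, the sample counts and the cost coefficients are assumptions chosen for illustration; the chapter's own user-, effort- and coverage-based formulations are not reproduced here.

```python
import math

# Constructed example, not the chapter's own models or data: a logistic
# vulnerability discovery model (Alhazmi-Malaiya form) fitted to an
# illustrative cumulative-discovery series, then a generic release/patch
# timing cost minimised over the fitted curve.


def logistic_vdm(t, B, r, C):
    """Expected cumulative vulnerabilities discovered by time t.
    B: total vulnerabilities eventually found, r: discovery rate,
    C: shape constant (so that Omega(0) = B / (1 + C))."""
    return B / (1.0 + C * math.exp(-r * t))


# Constructed cumulative counts per quarter (t = 1..10), generated from
# B=60, r=0.8, C=20 and rounded. They are NOT real vulnerability data.
SAMPLE = [(1, 6), (2, 12), (3, 21), (4, 33), (5, 44),
          (6, 52), (7, 56), (8, 58), (9, 59), (10, 60)]


def sse(data, B, r, C):
    """Sum of squared errors between observed and modelled cumulative counts."""
    return sum((y - logistic_vdm(t, B, r, C)) ** 2 for t, y in data)


def fit_logistic(data):
    """Least-squares fit by exhaustive grid search (stdlib only, no SciPy).
    B is searched from the largest observed count up to twice that value;
    r from 0.10 to 2.00 in steps of 0.05; C over the integers 1..50."""
    y_max = max(y for _, y in data)
    best = None
    for B in range(y_max, 2 * y_max + 1):
        for ri in range(10, 201, 5):
            r = ri / 100.0
            for C in range(1, 51):
                err = sse(data, B, r, C)
                if best is None or err < best[0]:
                    best = (err, B, r, C)
    err, B, r, C = best
    return {"B": B, "r": r, "C": C, "sse": err}


def release_cost(T, model, horizon, c_time, c_pre, c_post):
    """Assumed cost structure (generic, not the chapter's): testing cost per
    unit time up to release T, cost c_pre per vulnerability discovered before
    T, and a higher cost c_post per vulnerability discovered between T and
    the end of the planning horizon (i.e. found in the field)."""
    B, r, C = model["B"], model["r"], model["C"]
    found_before = logistic_vdm(T, B, r, C)
    found_after = logistic_vdm(horizon, B, r, C) - found_before
    return c_time * T + c_pre * found_before + c_post * found_after


def optimal_release_time(model, horizon=20.0, step=0.25,
                         c_time=5.0, c_pre=1.0, c_post=8.0):
    """Grid search for the release time that minimises release_cost."""
    candidates = [i * step for i in range(1, int(horizon / step) + 1)]
    return min(candidates,
               key=lambda T: release_cost(T, model, horizon, c_time, c_pre, c_post))


if __name__ == "__main__":
    model = fit_logistic(SAMPLE)
    print("fitted model:", model)
    T_opt = optimal_release_time(model)
    print("cost-minimising release time (assumed cost coefficients):", T_opt)
    print("expected vulnerabilities found by then:",
          round(logistic_vdm(T_opt, model["B"], model["r"], model["C"]), 1))
```

With the assumed coefficients the trade-off is visible: releasing early saves testing cost but leaves most of the remaining vulnerabilities to be found in the field at eight times the pre-release fix cost, so the optimum sits where the discovery curve has nearly flattened. Changing c_post relative to c_time moves the optimum, which is the lever the abstract's joint release/patch optimization is about.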


Metadata
Title
Vulnerability Discovery Analysis in Software Reliability and Related Optimization Problems
Authors
P. K. Kapur
Saurabh Panwar
Copyright year
2023
Publisher
Springer London
DOI
https://doi.org/10.1007/978-1-4471-7503-2_24