Quantitative Security Evaluation for Software System from Vulnerability Database

Executive Summary

Many security incidents have been reported in enterprise systems and personal computers, such as denial-of-service attacks via computer viruses and data leaks caused by unauthorized access. This paper proposes a quantitative security evaluation for software systems based on a stochastic model, using vulnerability data consisting of the discovery date, solution date and exploit publication date. More precisely, the authors' model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, they show the quantitative measures for a content management system of an open source project.

  • Format: PDF
  • Size: 285.32 KB