Software Selection based on Quantitative Security Risk Assessment
In this paper, the authors present a software product evaluation method using such a quantitative security risk assessment model. This method utilizes prior research in quantitative security risk assessment, which is based on empirical data from the National Vulnerability Database (NVD), and compares the security risk levels of the products evaluated. They introduced topic modeling to build a security risk assessment model. The risk model is created using Latent Dirichlet Allocation (LDA) to classify the vulnerabilities into topics, which are then used as the measurement instruments to evaluate the candidate software product.