Premium
Coverage‐based vulnerability discovery modeling to optimize disclosure time using multiattribute approach
Author(s) -
Kansal Yogita,
Kapur Parmod Kumar,
Kumar Uday
Publication year - 2019
Publication title -
quality and reliability engineering international
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.913
H-Index - 62
eISSN - 1099-1638
pISSN - 0748-8017
DOI - 10.1002/qre.2380
Subject(s) - vulnerability (computing) , computer science , function (biology) , software , process (computing) , poisson distribution , operations research , reliability engineering , data mining , mathematical optimization , engineering , mathematics , statistics , computer security , evolutionary biology , biology , programming language , operating system
Abstract Software vulnerabilities trend over time has been proposed by various researchers and academicians in recent years. But none of them have considered operational coverage function in vulnerability discovery modeling. In this research paper, we have proposed a generalized statistical model that determines the relationship between operational coverage function and the number of expected vulnerabilities. During the operational phase, possible vulnerable sites are covered and vulnerabilities present at a particular site are discovered with some probability. We have assumed that the proposed model follows the nonhomogeneous Poisson process properties; thus, different distributions are used to formulate the model. The numerical illustration shows that the proposed model performs better and has the good fitness to the Google Chrome data. The second focus of this research paper is to evaluate the total cost incurred by the developer after software release and to identify the optimal vulnerability disclosure time through multiobjective utility function. The proposed vulnerability discovery helps in optimization. The optimal time problem depends on the combined effect of cost, risk, and effort.