User-based multi-upgradation vulnerability discovery model

Software practices such as code reuse across successive upgradations of a given software product are increasing rapidly. Software is upgraded when new customer requirements emerge in the market, so each upgradation includes some newly defined functionalities of its own alongside some existing ones. However, the upgradation/version also includes vulnerabilities, which either arise from the effect of the new features or are shared ones that were not resolved during testing. In the operational phase, vulnerabilities are discovered by users, who may have adopted multiple versions of the software or used only a single version. We have observed that developers face many problems when predicting multi-upgradation vulnerabilities, because some proportion of the vulnerabilities and of the users is common to successive versions. In this research work, we propose a mathematical model for predicting user-dependent vulnerabilities in a multi-upgradation software system. The model emphasizes the impact of shared code on the vulnerability frequency rate and the user growth rate. A numerical illustration using a real-life data set is provided to validate the model's capabilities.
