User-dependent vulnerability discovery model and its interdisciplinary nature

Software vulnerability is a broad discipline that cannot be controlled by technology alone. A holistic framework is required that statistically encompasses all the security issues of IT organizations, regardless of individual projects. Earlier researchers have developed several mathematical models that determine the trend of vulnerabilities over time. In addition, the most common victims of vulnerabilities, i.e., software buyers or users, were addressed theoretically, without considering their impact on vulnerability discovery modeling. In this research paper, we examine the vulnerability discovery rate on the basis of the potential users of commercial software. We propose an interdisciplinary model that highlights the relationship between vulnerability intensity and the number of users of the software. A numerical illustration based on several real data sets is provided to validate the proposed user-dependent vulnerability discovery model.
