A Statistical Analysis of Vulnerability Discovery: Microsoft Operating Systems

Software vulnerabilities that lie within operating systems present significant issues to security professionals and senior managers. Therefore, information about the propagation and lifecycle that vulnerabilities exhibit within software systems is crucial to understanding the risks that organisations face. The authors present a review of the software vulnerability literature, an overview of contemporary vulnerability discovery models and a case study centred on the Microsoft Windows series of operating systems.
