Change Point Modelling in the Vulnerability Discovery Process

Vulnerability discovery and the successful fixing of vulnerabilities depend on factors such as testing strategy, test case effectiveness, team constitution, efficiency, and environmental factors. These factors are prone to change over time. Change point analysis is the process of detecting the point at which the cumulative effect of these factors affects the rate of change of vulnerability discovery. In this paper, we propose a mathematical model that captures the point of switch, or change, in the regression. The practical utility of the model is confirmed by validating it on three real-life software datasets. The results show that the proposed model with change point consideration achieves a better goodness of fit than mathematical models without a change point.
