Modeling the vulnerability discovery process

Proceedings - International Symposium on Software Reliability Engineering, ISSRE

Volumn 2005, Issue , 2005, Pages 129-138

  Alhazmi, O H ^a   Malaiya, Y K ^a  

^a Colorado State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SOFTWARE DEFECTS; SOFTWARE DEVELOPERS; SOFTWARE TESTING; VULNERABILITY DISCOVERY PROCESS;

COMPUTER OPERATING SYSTEMS; FAULT TREE ANALYSIS; RESOURCE ALLOCATION; SERVERS;

SOFTWARE ENGINEERING;

EID: 33750962700     PISSN: 10719458     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISSRE.2005.30     Document Type: Conference Paper

References (20)

1. H. Akaike, Prediction and Entropy, MRC Technical Summary Report #2397. NTIS, Springfield, VA., 1982.
2. O. H. Alhazmi and Y.K. Malaiya, "Quantitative vulnerability assessment of systems software," Proc. Annual Reliability and Maintainability Symposium, 2005. pp. 615-620.
3. O. H. Alhazmi, Y. K. Malaiya and I. Ray, "Security Vulnerabilities in Software Systems: A Quantitative Perspective," Proc. Ann. IFIP WG11.3 Working Conference on Data and Information Security, Aug. 2005.pp. 281-294.
4. O. H. Alhazmi, Y. K. Malaiya, "Prediction Capability of Vulnerability Discovery Models", to appear in Proc. Reliability and Maintainability Symposium, January 2006.
5. R. J. Anderson, "Security in Opens versus Closed Systems - The Dance of Boltzmann, Coase and Moore," Open Source Software: Economics, Law and Policy, Toulouse, France, June 20-21, 2002.
6. S. Beattie, S. Arnold, C. Cowan, P. Wagle and C. Wright, "Timing the Application of Security Patches for Optimal Uptime," Proc. LISA XVI, November 2002. pp 233-242.
7. P. G. Bishop and R. E. Bloomfield, "A Conservative Theory for Long-Term Reliability Growth Prediction," IEEE Trans. Reliability, Vol. 45, No. 4, Dec. 1996. pp
8. R. M. Brady, R. J. Anderson, R. C. Ball, "Murphy's law, the fitness of evolving species, and the limits of software reliability", Cambridge University Computer Laboratory Technical Report No. 471 (September 1999), available at http://www.cl.cam.ac.uk/ftp/users/rja14/babtr.pdf.
9. H. K. Browne, W. A. Arbaugh, J. McHugh, W. L. Fithen, "A Trend Analysis of Exploitation," Proc. IEEE Symposium on Security and Privacy, 2001, May 2001, pp. 214-229.
10. B. Brykczynski and R. A. Small, "Reducing Internet-Based Intrusions: Effective Security Patch Management,", IEEE Software, Vol. 20, No. 1, Jan-Feb 2003, pp. 50-57
11. A. L. Goel and K. Okumoto, "Time-Dependent Error Detection Rate Model for Software and Other Performance Measures," IEEE Trans. on Reliability, R-28, 3, August 1979, pp. 206-211.
12. ICAT Metabase, http://icat.nist.gov/icat.cfm, February 2004.
13. M. R. Lyu, Ed., Handbook of Software Reliability Engineering, McGraw-Hill, 1995.
14. Y.K. Malaiya, A. von Mayrhauser, P.K. Srimani, "An Examination of Fault Exposure Ratio," IEEE Trans. Software Engineering, Nov. 1993, pp. 1087-1094.
15. G. McGraw. "From the Ground Up: The DIMACS Software Security Workshop," IEEE Security & Privacy. Volume 1, Number 2, March/April 2003, pp. 59-66.
16. The MITRE Corporation, www.mitre.org, February 2005.
17. J. D. Musa, Software Reliability Engineering, McGraw-Hill, 1999.
18. J.D. Musa and K. Okumoto, "A logarithmic Poisson execution time model for software reliability measurement," Proc. 7th International Conference on Software Engineering, Orlando, FL, 1984, pp. 230-238.
19. E. Rescola, "Is finding security holes a good idea?" Security and Privacy, Jan-Feb 2005. pp. 14-19.
20. E. E. Schultz, Jr., D. S. Brown and T. A. Longstaff, "Responding to Computer Security Incidents," Lawrence Livermore National Laboratory, ftp://ftp.cert.dfn.de/pub/docs/csir/ihg.ps.gz, July 23, 1990.