Milk or wine: Does software security improve with age?

15th USENIX Security Symposium

Volumn , Issue , 2006, Pages 93-104

  Ozment, Andy ^a,b   Schechter, Stuart E ^a  

^a MIT LINCOLN LABORATORY   (United States)

^b UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

LINES OF CODE; SOFTWARE SECURITY; STATISTICAL EVIDENCE;

WINE;

EID: 84877999984     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (15)

1. ABDEL-GHALY, A. A., CHAN, P. Y., AND LITTLEWOOD, B. Evaluation of competing software reliability predictions. IEEE Transactions on Software Engineering 12, 9 (1986), 950–967.
2. AIAA/ANSI. Recommended Practice: Software Reliability. ANSI, 1993. R-013-1992.
3. CAMP, L., AND WOLFRAM, C. Pricing security. In Proceedings of the CERT Information Survivability Workshop (Oct. 2000), pp. 31–39. Boston, MA, USA.
4. DE RAADT, T. Exploit mitigation techniques (in OpenBSD, of course). In Proceedings of OpenCON 2005 (Nov. 2005). Venice, Italy.
5. HATTON, L. Re-examining the fault density - component size connection. IEEE Software 14, 2 (1997), 89–97.
6. KANNAN, K., AND TELANG, R. Economic analysis of market for software vulnerabilities. In Workshop on Economics and Information Security (May 2004). Minneapolis, MN, USA.
7. NIST. NVD metabase: A CVE based vulnerability database. http://nvd.nist.gov.
8. OPENBSD. CVS – OpenBSD security page, revision 1.12, Feb. 1998. http://www.openbsd.org/cgi-bin/cvsweb/∼checkout∼/www/security.html?rev=1. 12&content-type=text/html.
9. OZMENT, A. Bug auctions: Vulnerability markets reconsidered. In Workshop on Economics and Information Security (May 2004). Minneapolis, MN, USA.
10. OZMENT, A. Software security growth modeling: Examining vulnerabilities with reliability growth models. In Proceedings of the First Workshop on Quality of Protection (September 2005). Milan, Italy.
11. RESCORLA, E. Is finding security holes a good idea? In Workshop on Economics and Information Security (May 2004). Minneapolis, Minnesota.
12. SCHECHTER, S. How to buy better testing: Using competition to get the most security and robustness for your dollar. In Infrastructure Security Conference (Oct. 2002). Bristol, UK.
13. SCHECHTER, S. Quantitatively differentiating system security. In Workshop on Economics and Information Security (May 2002). Berkeley, CA, USA.
14. STONEBURNER, W. SMERFS (Statistical Modeling and Estimation of Reliability Functions for Systems), Jan. 2003. http://www.slingcode.com/smerfs/.
15. TIAN, J. Integrating time domain and input domain analyses of software reliability using tree-based models. IEEE Transactions on Software Engineering 21, 12 (Dec. 1995), 945–958.