TITLE:
Quantitative Security Evaluation for Software System from Vulnerability Database
AUTHORS:
Hiroyuki Okamura, Masataka Tokuzane, Tadashi Dohi
KEYWORDS:
Quantitative Security Evaluation; Vulnerability Database; Non-Homogeneous Poisson Process; Contents Management System
JOURNAL NAME:
Journal of Software Engineering and Applications, Vol.6 No.4A, April 23, 2013
ABSTRACT:
This paper proposes a quantitative security evaluation for software systems, based on a stochastic model, from vulnerability data consisting of discovery date, solution date and exploit publish date. More precisely, our model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, we show the quantitative measures for a contents management system of an open source project.