Vulnerability Discovery Model

A Vulnerability Discovery Model (VDM) uses discovery event data with software reliability models for predicting the same. A thorough presentation of VDM techniques is available in.^[1] Numerous model implementations are available in the MCMCBayes open source repository. Several VDM examples include:

Alhazmi-Malaiya: Time based model (Alhazmi-Malaiya Logistic (AML) model)^[2]
Alhazmi-Malaiya: Effort based model^[2]
Rescorla: Quadratic Model and Exponential Model ^[3]
Anderson: Thermodynamic Model^[4]
Kim: Weibull Model^[5]
Linear Model
Hump-Shaped Model^[6]
Independent and Dependent Model^[7]
Vulnerability Discovery Modeling using Bayesian model averaging^[8]
Multivariate Vulnerability Discovery Models ^[9]

References

^ Johnston, Reuben (August 31, 2018). A Multivariate Bayesian Approach to Modeling Vulnerability Discovery in the Software Security Lifecycle (PhD). The George Washington University.
^ ^a ^b O. H. Alhazmi and Y. K. Malaiya, “Quantitative vulnerability assessment of systems software,” in Proc. Annual Reliability and Maintainability Symposium, January 2005, pp. 615–620.
^ E. Rescola, “Is finding security holes a good idea?,” Security and Privacy, pp. 14–19, Jan./Feb. 2005.
^ R. J. Anderson, “Security in open versus closed systems—The dance of Boltzmann, Coase and Moore,” in Open Source Software: Economics, Law and Policy. Toulouse, France, June 20–21, 2002.
^ HyunChul Joh, Jinyoo Kim, Yashwant K. Malaiya, "Vulnerability Discovery Modeling Using Weibull Distribution," issre, pp. 299–300, 2008 19th International Symposium on Software Reliability Engineering, 2008.
^ Anand, Adarsh; Bhatt, Navneet (2016-05-12). "Vulnerability Discovery Modeling and Weighted Criteria Based Ranking". Journal of the Indian Society for Probability and Statistics. 17 (1): 1–10. doi:10.1007/s41096-016-0006-4. ISSN 2364-9569. S2CID 111649745.
^ "VDM" (PDF).
^ Johnston; et al. (March 2019). "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery". Reliability Engineering & System Safety. 183: 341–359. doi:10.1016/j.ress.2018.11.030. S2CID 59222056.
^ Johnston; et al. (August 2018). "Multivariate models using MCMCBayes for web-browser vulnerability discovery". Reliability Engineering & System Safety. 176: 52–61. doi:10.1016/j.ress.2018.03.024. S2CID 49323550.

[Johnston2018-1] Johnston, Reuben (August 31, 2018). A Multivariate Bayesian Approach to Modeling Vulnerability Discovery in the Software Security Lifecycle (PhD). The George Washington University.

[Alhazmi-2] O. H. Alhazmi and Y. K. Malaiya, “Quantitative vulnerability assessment of systems software,” in Proc. Annual Reliability and Maintainability Symposium, January 2005, pp. 615–620.

[3] E. Rescola, “Is finding security holes a good idea?,” Security and Privacy, pp. 14–19, Jan./Feb. 2005.

[4] R. J. Anderson, “Security in open versus closed systems—The dance of Boltzmann, Coase and Moore,” in Open Source Software: Economics, Law and Policy. Toulouse, France, June 20–21, 2002.

[5] HyunChul Joh, Jinyoo Kim, Yashwant K. Malaiya, "Vulnerability Discovery Modeling Using Weibull Distribution," issre, pp. 299–300, 2008 19th International Symposium on Software Reliability Engineering, 2008.

[6] Anand, Adarsh; Bhatt, Navneet (2016-05-12). "Vulnerability Discovery Modeling and Weighted Criteria Based Ranking". Journal of the Indian Society for Probability and Statistics. 17 (1): 1–10. doi:10.1007/s41096-016-0006-4. ISSN 2364-9569. S2CID 111649745.

[7] "VDM" (PDF).

[8] Johnston; et al. (March 2019). "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery". Reliability Engineering & System Safety. 183: 341–359. doi:10.1016/j.ress.2018.11.030. S2CID 59222056.

[9] Johnston; et al. (August 2018). "Multivariate models using MCMCBayes for web-browser vulnerability discovery". Reliability Engineering & System Safety. 176: 52–61. doi:10.1016/j.ress.2018.03.024. S2CID 49323550.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

See also

References