Modeling the vulnerability discovery process

Authors: O.H. Alhazmi, Y.K. Malaiya

DOI: 10.1109/ISSRE.2005.30

Keywords:

Abstract: Security vulnerabilities in servers and operating systems are software defects that represent great risks. Both developers and users are struggling to contain the risk posed by these vulnerabilities. The vulnerabilities are discovered by both developers and external testers throughout the life-span of a system. A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of exploitation. Here we examine these models for the vulnerability discovery process. The models are examined analytically and using actual data on three widely-used systems. The applicability of the proposed models and the significance of the parameters involved are discussed. The limitations and major research challenges are identified.

References (18)
Omar Alhazmi, Yashwant Malaiya, Indrajit Ray, Security vulnerabilities in software systems: a quantitative perspective. Lecture Notes in Computer Science, pp. 281-294 (2005), 10.1007/11535706_21
Hirotugu Akaike, Prediction and Entropy. Springer, New York, NY, pp. 1-24 (1985), 10.1007/978-1-4613-8560-8_1
John D. Musa, Geoffrey A. Wilson, A. Frank Ackerman, William W. Everett, Software Reliability Engineering (1998)
P. Bishop, R. Bloomfield, A conservative theory for long-term reliability-growth prediction [of software]. IEEE Transactions on Reliability, vol. 45, pp. 550-560 (1996), 10.1109/24.556578
Amrit L. Goel, Kazu Okumoto, Time-Dependent Error-Detection Rate Model for Software Reliability and Other Performance Measures. IEEE Transactions on Reliability, vol. R-28, pp. 206-211 (1979), 10.1109/TR.1979.5220566
G. McGraw, From the ground up: the DIMACS software security workshop. IEEE Symposium on Security and Privacy, vol. 1, pp. 59-66 (2003), 10.1109/MSECP.2003.1193213
B. Brykczynski, R.A. Small, Reducing Internet-based intrusions: Effective security patch management. IEEE Software, vol. 20, pp. 50-57 (2003), 10.1109/MS.2003.1159029
O.H. Alhazmi, Y.K. Malaiya, Quantitative vulnerability assessment of systems software. Reliability and Maintainability Symposium, pp. 615-620 (2005), 10.1109/RAMS.2005.1408432
Perry Wagle, Steve Beattie, Crispin Cowan, Seth Arnold, Chris Wright, Adam Shostack, Timing the Application of Security Patches for Optimal Uptime. USENIX Large Installation Systems Administration Conference, pp. 233-242 (2002)