The Information Technology products are suffering from various security issues due to the flaws residing in the software system. These flaws allow the violations of security policy and leads into vulnerability. Once the associated user discovers vulnerability the number of intrusions increases until the vendor releases a patch. The patching process helps in maintaining the stability of the software and reduces the probability of damage potential. Even after diffusion and installation whether the patch has successfully removed the vulnerability or not is of great importance. Patch failures creates more vulnerabilities and leads into disaster for developing organizations and users. Thus the success rate of patch is also an unavoidable factor on the basis of which the intrusion rate can be judged. Here in this paper we propose a vulnerability patch modeling that addresses the patching of vulnerabilities that are either discovered by external user or internal user. We also discuss after installation what leads a patch towards failure and what will be its impact on an intact system. The model also provides measures to estimate the potential unsuccessful patch rate that will help developers in logistic planning while patch development. We have used three datasets of different domain to validate the model. A numerical with different goodness of fit criteria is also illustrated in the paper.
Software vulnerabilities trend over time has been proposed by various researchers and academicians in recent years. But none of them have considered operational coverage function in vulnerability discovery modeling. In this research paper, we have proposed a generalized statistical model that determines the relationship between operational coverage function and the number of expected vulnerabilities. During the operational phase, possible vulnerable sites are covered and vulnerabilities present at a particular site are discovered with some probability. We have assumed that the proposed model follows the nonhomogeneous Poisson process properties; thus, different distributions are used to formulate the model. The numerical illustration shows that the proposed model performs better and has the good fitness to the Google Chrome data. The second focus of this research paper is to evaluate the total cost incurred by the developer after software release and to identify the optimal vulnerability disclosure time through multiobjective utility function. The proposed vulnerability discovery helps in optimization. The optimal time problem depends on the combined effect of cost, risk, and effort.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.