A comparative study of vulnerability discovery modeling and software reliability growth modeling

摘要

Technological advancements are achieving greater heights with each passing day. Information technology is one of the area in which is developing at an agile pace. It has evolved in such a way that we all are interconnected through some medium viz. Internet, telecommunication etc. Technical advancements have grown enough to affect everyone's day to day life. With this increasing dependency on software systems the issue of being secure is a big challenge. This security problem is becoming critical due to the presence of bad guys and attracted a lot of researchers towards identifying major attributes of security. One of the security attribute considered in this paper is software vulnerability. Software security vulnerability is a weakness in a software product that could allow an attacker to compromise the integrity, availability, or confidentiality of that product. In past, Vulnerabilities have been reported in the various operating systems. In order to mitigate the risk associated with these vulnerabilities both the developers as well as the users have to utilize their significant resources. Recently few researchers have shown their interest in investigating the potential number of vulnerabilities in the software by applying quantitative approach. In this paper we analytically describe existing models and compare it with our proposed models by evaluating these models using actual data for various software systems. Our proposed models capture the discovery process relatively better than the existing discovery models. Further it has also been shown that some of the existing SRGM can also be used for predicting security vulnerabilities in software.