Predicting vulnerability discovery rate using past versions of a software

Abstract

A vulnerability discovery model (VDM) describes the number of security vulnerabilities for a software across time. Several models have been proposed to capture characteristics of the vulnerabilities discovery trend for different stages in the life cycle of various software. Such models can help in assessing the risk of a software by helping to predict its number and trend of vulnerabilities discovery. However, existing work examine software independently when investigating the use of such VDMs for predicting its vulnerability discovery trend. In this work, we propose two algorithms—MeanFit and TrendFit— to utilise vulnerability discovery data from past versions of a current software to help in building its vulnerability discovery model. Experimental results indicate merit in the algorithms in cases where there is limited data for the current software.