Authors: Ruchi Sharma, A. Shrivastava, H. Pham
Journal: Quality Engineering, volume 35 1, pages 341 - 352 (Journal Article; impact factor 1.3; JCR Q4, ENGINEERING, INDUSTRIAL)
Publication date: 2022-11-01
DOI: 10.1080/08982112.2022.2132404 (https://doi.org/10.1080/08982112.2022.2132404)
Source platform: Semanticscholar
Software security evaluation using multilevel vulnerability discovery modeling
Abstract: In this work, we propose a new vulnerability discovery model by predicting the number and probability of occurrence of vulnerabilities of different severity levels in software. The severity prediction assumes that the vulnerability score is a continuous variable distributed over a range of 0–10 as per the widely accepted common vulnerability scoring system. We have further developed a risk assessment model which can be used to define the security level of software and is helpful in risk assessment and patch management. A numerical illustration is done on a real-life dataset to validate the proposed model.
About the journal:
Quality Engineering aims to promote a rich exchange among the quality engineering community by publishing papers that describe new engineering methods ready for immediate industrial application or examples of techniques uniquely employed.
You are invited to submit manuscripts and application experiences that explore:
Experimental engineering design and analysis
Measurement system analysis in engineering
Engineering process modelling
Product and process optimization in engineering
Quality control and process monitoring in engineering
Engineering regression
Reliability in engineering
Response surface methodology in engineering
Robust engineering parameter design
Six Sigma method enhancement in engineering
Statistical engineering
Engineering test and evaluation techniques.