Vulnerability Discovery Model Explained

A Vulnerability Discovery Model (VDM) uses discovery event data with software reliability models for predicting the same. A thorough presentation of VDM techniques is available in.^[1] Numerous model implementations are available in the MCMCBayes open source repository. Several VDM examples include:

• Alhazmi-Malaiya: Time based model (Alhazmi-Malaiya Logistic (AML) model)^[2]
• Alhazmi-Malaiya: Effort based model
• Rescorla: Quadratic Model and Exponential Model ^[3]
• Anderson: Thermodynamic Model^[4]
• Kim: Weibull Model^[5]
• Linear Model
• Hump-Shaped Model^[6]
• Independent and Dependent Model^[7]
• Vulnerability Discovery Modeling using Bayesian model averaging^[8]
• Multivariate Vulnerability Discovery Models ^[9]

See also

• Attack (computing)
• Computer security
• Information security
• IT risk
• Threat (computer)
• Vulnerability (computing)

Notes and References

1. PhD . Johnston . Reuben . August 31, 2018 . A Multivariate Bayesian Approach to Modeling Vulnerability Discovery in the Software Security Lifecycle . The George Washington University.
2. O. H. Alhazmi and Y. K. Malaiya, “Quantitative vulnerability assessment of systems software,” in Proc. Annual Reliability and Maintainability Symposium, January 2005, pp. 615–620.
3. E. Rescola, “Is finding security holes a good idea?,” Security and Privacy, pp. 14–19, Jan./Feb. 2005.
4. R. J. Anderson, “Security in open versus closed systems—The dance of Boltzmann, Coase and Moore,” in Open Source Software: Economics, Law and Policy. Toulouse, France, June 20–21, 2002.
5. HyunChul Joh, Jinyoo Kim, Yashwant K. Malaiya, "Vulnerability Discovery Modeling Using Weibull Distribution," issre, pp. 299–300, 2008 19th International Symposium on Software Reliability Engineering, 2008.
6. Anand. Adarsh. Bhatt. Navneet. 2016-05-12. Vulnerability Discovery Modeling and Weighted Criteria Based Ranking. Journal of the Indian Society for Probability and Statistics. en. 17. 1. 1–10. 10.1007/s41096-016-0006-4. 111649745. 2364-9569.
7. Web site: VDM.
8. Johnston. etal . Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery . Reliability Engineering & System Safety . 183 . March 2019 . 341–359 . 10.1016/j.ress.2018.11.030. 59222056 .
9. Johnston. etal . Multivariate models using MCMCBayes for web-browser vulnerability discovery . Reliability Engineering & System Safety . 176 . August 2018 . 52–61 . 10.1016/j.ress.2018.03.024. 49323550 .