Estimating Software Vulnerability Counts in the Context of Cyber Risk Assessments


Item Summary

Title: Estimating Software Vulnerability Counts in the Context of Cyber Risk Assessments
Authors: Llanso, Thomas; McNeil, Martha
Keywords: Cyber Security and Software Assurance; cyber, discovery rate, flaw rate, risk, vulnerability
Date Issued: 03 Jan 2018
Abstract: Stakeholders often conduct cyber risk assessments as a first step towards understanding and managing their risks due to cyber use. Many risk assessment methods in use today include some form of vulnerability analysis. Building on prior research and combining data from several sources, this paper develops and applies a metric to estimate the proportion of latent vulnerabilities to total vulnerabilities in a software system and applies the metric to five scenarios involving software on the scale of operating systems. The findings suggest caution in interpreting the results of cyber risk methodologies that depend on enumerating known software vulnerabilities because the number of unknown vulnerabilities in large-scale software tends to exceed known vulnerabilities.
Pages/Duration: 7 pages
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cybersecurity and Software Assurance
