• Media type: E-article
  • Title: Modeling Software Patch Management Based on Vulnerabilities Discovered
  • Contributors: Anand, Adarsh; Bhatt, Navneet; Aggrawal, Deepti
  • Published: World Scientific Pub Co Pte Lt, 2020
  • Published in: International Journal of Reliability, Quality and Safety Engineering, 27 (2020) 2, page 2040003
  • Language: English
  • DOI: 10.1142/s0218539320400033
  • ISSN: 0218-5393; 1793-6446
  • Origin:
  • Notes:
  • Description: A software system deals with various security implications after its release in the market. Correspondingly, the firm releases security patches to counter those flaws discovered in the software system. A vendor releases a patch only if a vulnerability has been discovered in a software. It is an important aspect that encompasses the prediction of the potential number of patches to be released to maintain the stability of a software. Vulnerability Discovery Models (VDMs) help a software vendor to acknowledge the security trends, forecast security investments and to plan patches, but very few attempts have been made to model the Vulnerability Patch Modeling (VPM) based on the impact of vulnerabilities discovered over the time period. In this proposal, we deduce a novel approach that addresses the trend in the sequential development of patches based on the vendor or reporters fetching out the vulnerabilities in a software. The vulnerability trends in a software significantly affect the discovery process and later trigger a patch deployment to suppress the possible likelihood of a breach. The integrative approach underlines the association of vulnerability patch modeling with the vulnerability discovery phenomenon. To exemplify the proposed systematic structure, a statistical analysis has been conducted using real-life vulnerability and patch datasets.