ETD PDF

Software Vulnerabilities: Lifespans, Metrics, And Case Study

Citation

Wright, Jason L.. (2014). Software Vulnerabilities: Lifespans, Metrics, And Case Study. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/wright_idaho_0089m_10335.html

Title:
Software Vulnerabilities: Lifespans, Metrics, And Case Study
Author:
Wright, Jason L.
Date:
2014
Keywords:
security vulnerabilities
Program:
Computer Science
Subject Category:
Computer science; Computer engineering
Abstract:

It is difficult for end-users to judge the risk posed by software security vulnerabilities. This thesis examines three aspects of the software security vulnerability ecosystem to determine if commonly used metrics are based on sound engineering principles.

First, the decision by several security research firms to decrease the grace period before publicly releasing vulnerability details was examined. No evidence was found suggest that periods less than 6 months are effective.

Second, two new metrics are presented which are more easily computed, repeatable, and verifiable than previous metrics. Both metrics provide the ability to compare software packages based on number of vulnerabilities and vendor response time.

Third, metrics based strictly on known vulnerabilities are brought into question. The number of bugs which represent vulnerabilities is estimated for a particular package and the estimated number of resulting vulnerabilities is found to be far greater than the currently known vulnerabilities.

Description:
masters, M.S., Computer Science -- University of Idaho - College of Graduate Studies, 2014
Major Professor:
Manic, Milos
Committee:
McQueen, Miles A; Dinolt, George W
Defense Date:
2014
Identifier:
Wright_idaho_0089M_10335
Type:
Text
Format Original:
PDF
Format:
application/pdf

Contact us about this record

Rights
Rights:
In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
Standardized Rights:
http://rightsstatements.org/vocab/InC-EDU/1.0/