Software Vulnerabilities: Lifespans, Metrics, And Case Study
Wright, Jason L.. (2014). Software Vulnerabilities: Lifespans, Metrics, And Case Study. Theses and Dissertations Collection, University of Idaho Library Digital Collections. https://www.lib.uidaho.edu/digital/etd/items/wright_idaho_0089m_10335.html
- Title: Software Vulnerabilities: Lifespans, Metrics, And Case Study
- Author: Wright, Jason L.
- Date: 2014
- Keywords: security vulnerabilities
- Program: Computer Science
- Subject Category: Computer science; Computer engineering
- Abstract:
-
It is difficult for end-users to judge the risk posed by software security vulnerabilities. This thesis examines three aspects of the software security vulnerability ecosystem to determine if commonly used metrics are based on sound engineering principles.
First, the decision by several security research firms to decrease the grace period before publicly releasing vulnerability details was examined. No evidence was found to suggest that periods of less than 6 months are effective.
Second, two new metrics are presented which are more easily computed, repeatable, and verifiable than previous metrics. Both metrics provide the ability to compare software packages based on number of vulnerabilities and vendor response time.
Third, metrics based strictly on known vulnerabilities are brought into question. The number of bugs which represent vulnerabilities is estimated for a particular package and the estimated number of resulting vulnerabilities is found to be far greater than the currently known vulnerabilities.
- Description: masters, M.S., Computer Science -- University of Idaho - College of Graduate Studies, 2014
- Major Professor: Manic, Milos
- Committee: McQueen, Miles A; Dinolt, George W
- Defense Date: 2014
- Identifier: Wright_idaho_0089M_10335
- Type: Text
- Format Original:
- Format: application/pdf
- Rights: In Copyright - Educational Use Permitted. For more information, please contact University of Idaho Library Special Collections and Archives Department at libspec@uidaho.edu.
- Standardized Rights: http://rightsstatements.org/vocab/InC-EDU/1.0/