Journal: Journal of Software Engineering and Applications
Print ISSN: 1945-3116
Electronic ISSN: 1945-3124
Publication year: 2013
Volume: 6
Issue: 4A
Pages: 15-23
DOI: 10.4236/jsea.2013.64A003
Publisher: Scientific Research Publishing
Abstract: This paper proposes a quantitative security evaluation for software systems from vulnerability data consisting of discovery date, solution date and exploit publish date, based on a stochastic model. More precisely, our model considers a vulnerability life-cycle model and represents the vulnerability discovery process as a non-homogeneous Poisson process. In a numerical example, we show the quantitative measures for a content management system of an open source project.