ICSEA 2016, The Eleventh International Conference on Software Engineering Advances


Predicting Unknown Vulnerabilities using Software Metrics and Maturity Models

Authors:
Patrick Kamongi
Krishna Kavi
Mahadevan Gomathisankaran

Keywords: Vulnerabilities; Metrics; Models

Abstract:
We face an increasing reliance on software-based services, applications, platforms, and infrastructures to accomplish daily activities. Vulnerabilities can be introduced at any stage of the software life cycle, and these vulnerabilities can lead to security attacks. It is known that as software complexity increases, discovering a new security vulnerability introduced by subsequent updates and code changes becomes more difficult. This can be seen from the rate at which new vulnerabilities are discovered after a software release; IT products' vulnerabilities sometimes remain undiscovered for many years. In this paper, we report our study of IT products' source code using software maturity models and the history of discovered vulnerabilities. We use this data to develop a model that predicts the number of security vulnerabilities contained in a product, including vulnerabilities not yet discovered. Our proposed approach can be used to explore proactive strategies for mitigating the risks posed by zero-day vulnerabilities.

Pages: 311 to 317

Copyright: Copyright (c) IARIA, 2016

Publication date: August 21, 2016

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-498-5

Location: Rome, Italy

Dates: from August 21, 2016 to August 25, 2016