Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation

Sasith M. Rajasooriya, Chris P. Tsokos, Pubudu Kalpani Kaluarachchi
2016 Journal of Information Security  
The objective of the present study is to propose a risk evaluation statistical model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of a vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes advantage of it. Utilizing the proposed model, one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.
doi:10.4236/jis.2016.74022 fatcat:55gyh3z3nrb7hoqw7zm2hdlale