Obtaining complete information about discovered vulnerabilities appears extremely difficult, yet developing statistical models requires a great deal of such complete information. In our previous studies, we introduced the concept of a "Risk Factor" of a vulnerability, calculated as a function of time. We introduced the use of a Markovian approach to estimate the probability of a particular vulnerability being in a particular "state" of the vulnerability life cycle. In this study, we further develop our models, use available data sources in a probabilistic foundation to enhance reliability, and introduce some useful new modeling strategies for vulnerability risk estimation. Finally, we present a new set of Non-Linear Statistical Models that can be used to estimate the probability of being exploited as a function of time. Our study is based on the typical security system and vulnerability data that are available. However, our methodology and system structure can be applied to a specific security system by any software engineer, using their own vulnerabilities to obtain their probability of being exploited as a function of time. This information is very important to a company's security system in its strategic plan to monitor and improve its process for not being exploited.