 Stochastic Models of Software Vulnerability Life CycleRomuald Hoffmann
Collegium of Economic Analysis Annals, 2018, issue 49, 273-286 Abstract: Software Vulnerability Life Cycle (SVLC) illustrates changes in the detection process of software vulnerability during the system exploitation. In the detection process generally two groups of actors can be distinguished: the potential exploiters and the patch developers. In this paper, there was proposed an expansion of SVLC by adding events of an anti-virus signature release and a new exploit execution to the existing general definition of vulnerability life cycle. The presented approach in this article models the extended software vulnerability life cycle as a stochastic process: a continuous time Markov chain. Consequently, there were proposed two stochastic models of the expanded vulnerability life cycle. The models can be used for evaluating the risk of vulnerability exploitation and information system security. Keywords: software vulnerability life cycle; SVLC; expanded software vulnerability life cycle; stochastic model; homogeneous Markov process; Markov Chain; Continuous Time Markov Chain; CTMC; system dynamics (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:sgh:annals:i:49:y:2018:p:273-286 Access Statistics for this article Collegium of Economic Analysis Annals is currently edited by Joanna Plebaniak, Beata Czarnacka-Chrobot More articles in Collegium of Economic Analysis Annals from Warsaw School of Economics, Collegium of Economic Analysis Contact information at EDIRC. |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.