Stochastic Models of Software Vulnerability Life Cycle

Romuald Hoffmann
Romuald Hoffmann: Wojskowa Akademia Techniczna w Warszawie, Wydział Cybernetyki

Collegium of Economic Analysis Annals, 2018, issue 49, 273-286

Abstract: The Software Vulnerability Life Cycle (SVLC) illustrates changes in the detection process of a software vulnerability during system exploitation. In the detection process, two groups of actors can generally be distinguished: potential exploiters and patch developers. This paper proposes an expansion of the SVLC that adds two events, an anti-virus signature release and a new exploit execution, to the existing general definition of the vulnerability life cycle. The approach presented models the expanded software vulnerability life cycle as a stochastic process: a continuous-time Markov chain. Consequently, two stochastic models of the expanded vulnerability life cycle are proposed. The models can be used for evaluating the risk of vulnerability exploitation and information system security.

Keywords: software vulnerability life cycle; SVLC; expanded software vulnerability life cycle; stochastic model; homogeneous Markov process; Markov Chain; Continuous Time Markov Chain; CTMC; system dynamics
Date: 2018
Downloads:
http://rocznikikae.sgh.waw.pl/p/roczniki_kae_z49_20.pdf Full text (application/pdf)

Persistent link: https://EconPapers.repec.org/RePEc:sgh:annals:i:49:y:2018:p:273-286

Collegium of Economic Analysis Annals is currently edited by Joanna Plebaniak, Beata Czarnacka-Chrobot

More articles in Collegium of Economic Analysis Annals from Warsaw School of Economics, Collegium of Economic Analysis.
Bibliographic data for series maintained by Michał Bernardelli.

 
Page updated 2025-03-20
Handle: RePEc:sgh:annals:i:49:y:2018:p:273-286