An updated analysis of seasonal variations of the security vulnerability discovery process

2020 ◽  
Vol 12 (2) ◽  
pp. 122-133
Author(s):  
Ariane Santos Borges ◽  
Paulo H. R. Gabriel ◽  
Rodrigo Sanches Miani

Several factors may influence the security vulnerability discovery rates. The projection of these rates might help the development and the prioritization of software patches. Previous work studied the seasonal behaviors of the vulnerability discovery process for several operating systems and web related software systems. We propose a replication study of an experiment conducted more than a decade ago to understand the changes in the dynamics of the security vulnerability discovery rates. In contrast to the findings from ten years ago, the investigated systems do not exhibit a year-end peak. Besides, the higher incidence during mid-year months for Microsoft operating systems was only noticed for the most recent Windows OSes: Windows 8.1 and Windows 10. These results highlight the importance of reproducibility in scientific works. In the area of cybersecurity, in particular, it is important that models are created from studies conducted using updated data.

2019 ◽  
Vol 4 (11) ◽  
pp. 41-45
Author(s):  
HyunChul Joh

CVSS is recognized as a de facto standard for categorizing and measuring software vulnerabilities, both in how easy a given security bug is to exploit and in how much impact the vulnerability has on a system in terms of the three security factors. Meanwhile, since the early 2000s, quantitative risk assessment of software systems has become possible thanks to the accumulation of enough data for scientific investigation. However, many research attempts at a quantitative examination of software risk assessment have yet to be made. In this paper, we quantitatively analyze the CVSS scores of vulnerabilities from the three most recent Windows products, namely Windows 7, Windows 8.1 and Windows 10. The results show that the AML vulnerability discovery model represents the Windows vulnerability discovery trend reasonably well. Furthermore, we found explicitly that, most of the time, security bugs are compromised in systems with no authentication required. This result corresponds with the output from previous research based on Web browsers.


2009 ◽  
pp. 495-503
Author(s):  
David Lo ◽  
Siau-Cheng Khoo

Software is a ubiquitous component in our daily life. It ranges from large software systems like operating systems to small embedded systems like vending machines, both of which we frequently interact with. Reducing software related costs and ensuring correctness and dependability of software are certainly worthwhile goals to pursue. Due to the short-time-to-market requirement imposed on many software projects, documented software specifications are often lacking, incomplete and outdated (Deelstra, Sinnema & Bosch 2004). Lack of documented software specifications contributes to difficulties in understanding existing systems. The latter is termed program comprehension and is estimated to contribute up to 45% of total software cost which goes to billions of dollars (Erlikh 2000, Standish 1984; Canfora & Cimitile 2002; BEA 2007). Lack of specifications also hampers automated effort of program verification and testing (Ammons, Bodik & Larus 2002).


2014 ◽  
pp. 1956-2013
Author(s):  
Javier Cubo ◽  
Ernesto Pimentel

Reusing of software entities, such as components or services, to develop software systems has matured in recent years. However, it has not become standard practice yet, since using pre-existing software requires the selection, composition, adaptation, and evolution of prefabricated software parts. Recent research approaches have independently tackled the discovery, composition, or adaptation processes. On the one hand, the discovery process aims at discovering the most suitable services for a request. On the other hand, the adaptation process solves, as automatically as possible, mismatch cases which may be given at the different interoperability levels among interfaces by generating a mediating adaptor based on an adaptation contract. In this chapter, the authors present the DAMASCo framework, which focuses on composing services in mobile and pervasive systems accessed through their public interfaces, by means of context-aware discovery and adaptation. DAMASCo has been implemented and evaluated on several examples.


