An Empirical Methodology to Evaluate Vulnerability Discovery Models

An Idea of an Independent Validation of Vulnerability Discovery Models

Having a precise vulnerability discovery model (VDM) would provide a useful quantitative insight to assess software security. Thus far, several models have been proposed with some evidence supporting their goodness-of-fit. In this work we describe an independent validation of the applicability of these models to the vulnerabilities of the popular browsers Firefox, Google Chrome and Internet Exp...

A Systematically Empirical Evaluation of Vulnerability Discovery Models: a Study on Browsers' Vulnerabilities

A precise vulnerability discovery model (VDM) will provide a useful insight to assess software security, and could be a good prediction instrument for both software vendors and users to understand security trends and plan ahead patching schedule accordingly. Thus far, several models have been proposed and validated. Yet, no systematically independent validation by somebody other than the author...

An Empirical Analysis of Vulnerability Disclosure Policies

An empirical investigation into supply chain vulnerability

A growing number of academicians and practitioners have put supply chain risks on their agendas, particularly triggered by a recent series of catastrophic events that have disrupted economies and supply chains around the globe. Given the increasing awareness of this important topic, the purpose of this research was to study supply chain risks in more detail and to investigate the relationship b...

An Independent Validation of Vulnerability Discovery

Having a precise vulnerability discovery model (VDM) would provide a useful quantitative insight to assess software security. Thus far, several models have been proposed with some evidence supporting their goodness-of-fit. In this work we describe an independent validation of the applicability of six existing VDMs in seventeen releases of the three popular browsers Firefox, Google Chrome and In...