Vulnerability discovery & software security

This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration except where specifically indicated in the text. This dissertation does not exceed the regulation length of 60,000 words, including tables and footnotes, but excluding the bibliography and appendix. Acknowledgements My work has been supported at various times by a Marshall Scholarship; Magda-lene College, Cambridge; the Cambridge Trust; a UK Overseas Research Scholarship; the Institute for Information Infrastructure Protection (The I3P); and MIT Lincoln Laboratory. I am thankful for this support and for the wonderful individuals at these institutions who work tirelessly to promote good research. I gratefuly acknowledge the support of my supervisor, Ross Anderson, in this endeavor. His insight and provocative questions have helped me to become a better researcher and a better computer scientist. Stuart E. Schechter has been a mentor and a friend. He has taught me the value of collaboration, and I have been lucky enough to work directly with him. His strong sense of academic ethics and his research 'manners' will continue to guide me throughout my career. Robert Cunningham has been a stalwart friend and supporter. His suggestions have often caused me to swear—because they usually meant I'd missed something important! Shari Lawrence Pfleeger has encouraged me and challenged me at just the right times. The quality of this dissertation has been significantly improved by her questions concerning my definitions and her suggestions about important literature. Richard P. Lippman has provided patient tutoring in statistics. All of my statistics that are right are due to him; all that are wrong are, unfortunately, my own fault. I am extraordinarily fortunate to have the support, humor, adventurousness, and eccentricity of Ragnhild Handagard upon which to rely. My sanity at the end of this process is due entirely to her. (Any insanity is only partially her fault.) Finally, this work could not have happened without the loving support of my parents, Buck and Susan Ozment. I am incredibly lucky to have been raised by such smart, hard-working, and caring individuals: all that I have accomplished in my life is due to their efforts. Their example continues to inspire and inform my actions. Summary An effective means of measuring software security—and the likelihood of vulnerability discovery—would be a significant aid in increasing that security. One proposed technique for better understanding software security is to model vulnerability discovery. …