A Bayesian network model for likelihood estimations of acquirement of critical software vulnerabilities and exploits
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0001-7386-7471
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0003-3922-9606
2015 (English). In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 58, p. 304-318. Article in journal (Refereed). Published
Abstract [en]

Context: Software vulnerabilities in general, and software vulnerabilities with publicly available exploits in particular, are important to manage for both developers and users. This is however a difficult matter to address as time is limited and vulnerabilities are frequent. Objective: This paper presents a Bayesian network based model that can be used by enterprise decision makers to estimate the likelihood that a professional penetration tester is able to obtain knowledge of critical vulnerabilities and exploits for these vulnerabilities for software under different circumstances. Method: Data on the activities in the model are gathered from previous empirical studies, vulnerability databases and a survey with 58 individuals who all have been credited for the discovery of critical software vulnerabilities. Results: The proposed model describes 13 states related by 17 activities, and a total of 33 different datasets. Conclusion: Estimates by the model can be used to support decisions regarding what software to acquire, or what measures to invest in during software development projects.

Place, publisher, year, edition, pages
2015. Vol. 58, p. 304-318
Keywords [en]
Cyber security, Vulnerabilities, Exploits, Statistical model, Security metrics
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kth:diva-159347
DOI: 10.1016/j.infsof.2014.07.001
ISI: 000347022800018
Scopus ID: 2-s2.0-84914169057
OAI: oai:DiVA.org:kth-159347
DiVA, id: diva2:785108
Note

QC 20150202

Available from: 2015-02-02. Created: 2015-01-29. Last updated: 2018-01-11. Bibliographically approved

Open Access in DiVA

No full text in DiVA

By author/editor
Holm, Hannes; Korman, Matus; Ekstedt, Mathias