ABSTRACT

Vulnerabilities can be discovered by white-hat or black-hat hackers, by the vendor's own security team, and through reports from users, researchers, government agencies, and others. Reported vulnerabilities are verified by the software vendor's development team, and remediation is prioritised so that the flaw is fixed before attackers exploit it. Numerous mathematical frameworks have been proposed to model this vulnerability discovery process. Anderson's thermodynamic model was the first vulnerability discovery model (VDM); it was constructed along the lines of a software reliability growth model, treating the discovery of vulnerabilities as analogous to the detection of faults during reliability testing. The most common way to fix a vulnerability is to release a patch. Patches are corrective code released during the operational phase of the software, usually to remove bugs, to update the software, or to add some functionality. Earlier VDMs treated the vulnerability detection process as independent, that is, the detection of one vulnerability was assumed to be independent of the detection of any other vulnerability.