ABSTRACT

This chapter presents a mathematical analysis that consolidates vulnerabilities of different types into categories. It describes how vulnerabilities of a similar nature, irrespective of their type, are discovered and grouped within a time interval according to the noncumulative (per-interval) number of vulnerabilities discovered at any instant. The chapter derives these categories mathematically as a function of time and supports the proposed categorization numerically on several data sets. The vulnerability discovery process considered here begins after the release of the software: a flaw becomes a vulnerability once someone establishes that it has security implications. The vulnerabilities detected over time can further be categorized by severity using the Common Vulnerability Scoring System (CVSS), which assigns each vulnerability a severity rating. Operating-system software tends to contain certain types of vulnerabilities that are more likely to be detected than the types found in web-application software.
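As an added illustration (not code from the chapter, whose derivation is not reproduced here), the following Python bins a constructed set of discovered vulnerabilities into fixed-width intervals counted from release, computes the noncumulative and cumulative discovery series, and splits that series by CVSS severity band so each band's per-interval counts add up to the overall series. The CVSS v3.x qualitative bands, the 30-day interval width, and the sample records are assumptions; the records are constructed and are not real advisories.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Vuln:
    """One discovered vulnerability: a constructed label, the discovery time
    in days after release, and its CVSS base score."""
    label: str
    discovered_day: int
    cvss: float


# Constructed sample data (not real advisories); days are counted from release.
SAMPLE: List[Vuln] = [
    Vuln("V-01", 3, 9.8), Vuln("V-02", 10, 5.3), Vuln("V-03", 20, 7.5),
    Vuln("V-04", 35, 4.0), Vuln("V-05", 40, 8.8), Vuln("V-06", 42, 3.1),
    Vuln("V-07", 55, 9.1), Vuln("V-08", 60, 6.9), Vuln("V-09", 65, 7.0),
    Vuln("V-10", 80, 2.2), Vuln("V-11", 100, 5.0), Vuln("V-12", 130, 7.8),
]


def severity(score: float) -> str:
    """Map a CVSS base score to a qualitative rating.
    Assumption: CVSS v3.x bands (None 0.0, Low 0.1-3.9, Medium 4.0-6.9,
    High 7.0-8.9, Critical 9.0-10.0); the chapter does not name a version."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def n_intervals(vulns: List[Vuln], width: int) -> int:
    """Number of `width`-day intervals needed to cover every discovery."""
    if width <= 0:
        raise ValueError("interval width must be positive")
    return max(v.discovered_day for v in vulns) // width + 1 if vulns else 0


def noncumulative(vulns: List[Vuln], width: int, n: int) -> List[int]:
    """Per-interval discoveries: series[k] is the number of vulnerabilities
    found in [k*width, (k+1)*width). Discoveries past interval n-1 are not
    counted, so n must come from n_intervals() over the full data set."""
    counts = Counter(v.discovered_day // width for v in vulns)
    return [counts.get(k, 0) for k in range(n)]


def cumulative(series: List[int]) -> List[int]:
    """Running total of a noncumulative series (the usual discovery curve)."""
    out, total = [], 0
    for c in series:
        total += c
        out.append(total)
    return out


def peak_interval(series: List[int]) -> int:
    """Index of the first interval with the most discoveries."""
    return series.index(max(series))


def by_severity(vulns: List[Vuln], width: int) -> Dict[str, List[int]]:
    """Noncumulative series per CVSS rating over the same intervals, so the
    per-rating rows sum column-wise to the overall series."""
    n = n_intervals(vulns, width)
    groups: Dict[str, List[Vuln]] = {}
    for v in vulns:
        groups.setdefault(severity(v.cvss), []).append(v)
    return {sev: noncumulative(vs, width, n) for sev, vs in sorted(groups.items())}


if __name__ == "__main__":
    width = 30  # assumed interval width in days
    n = n_intervals(SAMPLE, width)
    overall = noncumulative(SAMPLE, width, n)
    print("noncumulative:", overall)
    print("cumulative:   ", cumulative(overall))
    print("peak interval:", peak_interval(overall))
    for rating, series in by_severity(SAMPLE, width).items():
        print(f"{rating:9s}", series)
```

Running it on the constructed sample gives an overall series of [3, 4, 3, 1, 1] over five 30-day intervals, with the discovery peak in the second interval; the per-severity rows show which ratings drive that peak. Swapping in a real data set means replacing `SAMPLE` with (discovery day, CVSS score) records and choosing an interval width that matches the data's granularity.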