ABSTRACT

Very recently, the emphasis on software security has motivated many researchers to identify the major attributes of security. One such area is the investigation, using various modeling techniques, of the potential number of vulnerabilities present in the current or a future release of software. Many security vulnerabilities have been reported in the Windows and Linux operating systems. To mitigate the risk associated with these vulnerabilities, developers as well as users must commit significant resources. This chapter discusses the quantitative models proposed in the software security literature, called vulnerability discovery models, for predicting the total number of vulnerabilities detected, identified, or discovered during the operational phase of the software. Also discussed are coverage-based, user-dependent, and effort-dependent vulnerability discovery models. The chapter describes vulnerability patching models and combined discovery and patching models. In addition, the vulnerability discovery process for multiple releases of a software product has been studied to predict the expected number of vulnerabilities in each version of the software. This chapter describes the modeling framework of the vulnerability discovery models and the vulnerability patching models.