ABSTRACT

Today’s software applications are vulnerable to attacks. A practical way to deal with security vulnerabilities is to assess the risk posed by software systems and plan accordingly by deploying necessary mechanisms such as intrusion detection systems. Unfortunately, risk assessment is not a trivial task. This is due to a lack of real-world data for computing information such as attack likelihood, and to the subjective terms (less secure, more secure) that frequently arise. Therefore, it is important to treat

Contents

3.1 Introduction
3.2 Background