HyunChul Joh

Learn More
Vulnerability discovery models allow prediction of the number of vulnerabilities that are likely to be discovered in the future. Hence, they allow the vendors and the end users to manage risk by optimizing resource allocation. Most vulnerability discovery models proposed use the time as an independent variable. Effort-based modeling has also been proposed,(More)
Known vulnerabilities which have been discovered but not patched represents a security risk which can lead to considerable financial damage or loss of reputation. They include vulnerabilities that have either no patches available or for which patches are applied after some delay. Exploitation is even possible before public disclosure of a vulnerability.(More)
A vulnerability discovery model describes the vulnerability discovery rate in a software system, and predicts the future behavior. It can allow the IT managers and developers to allocate their resources optimally by timely development and application of patches. Such models also allow the end-users to assess security risk in their systems. Recently,(More)
A vulnerability discovery model describes the variation in the vulnerability discovery rate during the lifetime of a software system and can be used to assess risk and to evaluate possible mitigation approaches. A few vulnerability discovery models have recently been proposed. The AML Logistic model has been found to provide the best fit in several cases.(More)
Vulnerability discovery rates need to be taken into account for evaluating security risks. Accurate projection of these rates is required to estimate the effort needed to develop patches for handling vulnerabilities discovered. Seasonal behaviors of the vulnerability discovery process for a multi-year life-cycle of software products are examined. A careful(More)
Prediction of vulnerability discovery rates can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. An examination of the vulnerability data suggests a seasonal behavior that has not been modeled by the recently proposed vulnerability discovery models. This seasonality has(More)
A vulnerability that has been discovered but is unpatched represents a security risk to a system. During the lifetime of a software system, new vulnerabilities are discovered over time. There are two opposing actors, the patch developers and the potential exploiters. An exploit can happen immediately after a disclosure, perhaps even before the disclosure if(More)
A vulnerability discovery model describes the variation in the vulnerability discovery rate during the lifetime of a software system and can be used to assess risk and to evaluate possible mitigation approaches. A few vulnerability discovery models have recently been proposed. The AML Logistic model has been found to provide the best fit in several cases.(More)
  • H Joh
  • Shinrigaku kenkyu : The Japanese journal of…
  • 1984
In this paper, we regard the coordination of spatial perspectives as the transformation-operations of coordinate system between the child's own viewpoint and the other's one. In order to clarify the developmental feature of transformation-patterns, the 6-10 years children were tested in Experiment I under three conditions: Perspective, plotting, and(More)