Analyses of Two End-User Software Vulnerability Exposure Metrics

@article{Wright2012AnalysesOT,
  title={Analyses of Two End-User Software Vulnerability Exposure Metrics},
  author={Jason L. Wright and Miles McQueen and Lawrence Wellman},
  journal={2012 Seventh International Conference on Availability, Reliability and Security},
  year={2012},
  pages={1-10}
}
The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new… CONTINUE READING

References

Publications referenced by this paper.
SHOWING 1-10 OF 11 REFERENCES

miliarity breeds contempt : the honeymoon effect and the role of legacy code in zero - day vulnerabilities

S. Frei S. Clark, M. Blaze, J. M. Smith
  • Annual Computer Security Applications Conference ACSAC
  • 2010

The laws of vulnerabilities 2.0

W. Kandek
  • BlackHat, Las Vegas, NV, USA, July 2009. [Online]. Available: http://laws.qualys.com/
  • 2009
VIEW 1 EXCERPT

Is finding security holes a good idea?

  • IEEE Security & Privacy
  • 2005
VIEW 1 EXCERPT