User-dependent vulnerability discovery model and its interdisciplinary nature

  • Yogita Kansal
  • P. K. Kapur
  • Uday Kumar
  • Deepak Kumar
Original Research


Software vulnerability is a broad discipline that cannot be controlled by technology alone. A holistic framework is required that statistically encompasses the full range of security issues in IT organizations, regardless of individual projects. Earlier researchers have developed several mathematical models that determine the trend of vulnerabilities over time. However, the most common victims of vulnerabilities, i.e., software buyers or users, have been addressed only theoretically, without considering their impact on vulnerability discovery modeling. In this research paper, we examine the vulnerability discovery rate on the basis of the potential users of commercial software. We propose an interdisciplinary model that highlights the relationship between vulnerability intensity and the number of users of the software. A numerical illustration based on several real data sets is provided to validate the proposed user-dependent vulnerability discovery model.


Keywords: Software vulnerability, Software buyers, Interdisciplinary



Copyright information

© Society for Reliability and Safety (SRESA) 2017

Authors and Affiliations

  • Yogita Kansal (1)
  • P. K. Kapur (2)
  • Uday Kumar (3)
  • Deepak Kumar (1)
  1. Amity Institute of Information Technology, Amity University, Noida, India
  2. Amity Centre for Interdisciplinary Research, Amity University, Noida, India
  3. Lulea University of Technology, Lulea, Sweden
