{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T01:11:58Z","timestamp":1782868318730,"version":"3.54.5"},"reference-count":25,"publisher":"IGI Global Scientific Publishing","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,10]]},"abstract":"<jats:p>With growing concern for security, the researchers began with the quantitative modeling of vulnerabilities termed as vulnerability discovery models (VDM). These models aim at finding the trend of vulnerability discovery with time and facilitate the developers in patch management, optimal resource allocation and assessing associated security risks. Among the existing models for vulnerability discovery, Alhazmi-Malaiya Logistic Model (AML) is considered the best fitted model on all kinds of datasets. But, each of the existing models has a predefined basic shape and can only fit datasets following their basic shapes. Thus, shape of the dataset forms the decisive parameter for model selection. In this paper, the authors have proposed a new model to capture a wide variety of datasets irrespective of their shape accounting for better goodness of fit. The proposed model has been evaluated on three real life datasets each for open and closed source software and the models are ranked based on their suitability to discover vulnerabilities using normalized criteria distance (NCD) technique.<\/jats:p>","DOI":"10.4018\/ijsse.2016100102","type":"journal-article","created":{"date-parts":[[2017,1,25]],"date-time":"2017-01-25T11:02:08Z","timestamp":1485342128000},"page":"19-38","source":"Crossref","is-referenced-by-count":10,"title":["Vulnerability Discovery Modeling for Open and Closed Source Software"],"prefix":"10.4018","volume":"7","author":[{"given":"Ruchi","family":"Sharma","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Netaji Subhas Institute of Technology, New Delhi, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ritu","family":"Sibal","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Netaji Subhas Institute of Technology, New Delhi, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"A.K.","family":"Shrivastava","sequence":"additional","affiliation":[{"name":"Amity Center for Interdisciplinary Research, Amity University, Noida, India"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"IJSSE.2016100102-0","first-page":"615","article-title":"Quantitative vulnerability assessment of systems software.","author":"O. H.Alhazmi","year":"2005","journal-title":"Proc. annual reliability and maintainability symposium"},{"key":"IJSSE.2016100102-1","first-page":"10","article-title":"Modeling the vulnerability discovery process.","author":"O. H.Alhazmi","year":"2005","journal-title":"16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05)"},{"key":"IJSSE.2016100102-2","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2006.26"},{"key":"IJSSE.2016100102-3","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2008.916872"},{"key":"IJSSE.2016100102-4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.002"},{"key":"IJSSE.2016100102-5","author":"R.Anderson","year":"2002","journal-title":"Security in open versus closed systems\u2014the dance of Boltzmann, Coase and Moore. Technical report"},{"key":"IJSSE.2016100102-6","author":"R. M.Brady","year":"1999","journal-title":"Murphy's law, the fitness of evolving species, and the limits of software reliability (No. 471)"},{"key":"IJSSE.2016100102-7","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-34226-5_6"},{"key":"IJSSE.2016100102-8","doi-asserted-by":"publisher","DOI":"10.1109\/TR.1979.5220566"},{"key":"IJSSE.2016100102-9","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2008.32"},{"key":"IJSSE.2016100102-10","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-85729-204-9"},{"key":"IJSSE.2016100102-11","doi-asserted-by":"publisher","DOI":"10.1109\/ABLAZE.2015.7155000"},{"key":"IJSSE.2016100102-12","doi-asserted-by":"publisher","DOI":"10.1109\/HASE.2007.55"},{"key":"IJSSE.2016100102-13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31063-8_11"},{"key":"IJSSE.2016100102-14","first-page":"230","article-title":"A logarithmic Poisson execution time model for software reliability measurement.","author":"J. D.Musa","year":"1984","journal-title":"Proceedings of the 7th international conference on Software engineering"},{"key":"IJSSE.2016100102-15","unstructured":"NIST. (n. d.). National Vulnerability Database. Retrieved from https:\/\/nvd.nist.gov\/"},{"key":"IJSSE.2016100102-16","doi-asserted-by":"publisher","DOI":"10.1007\/s40595-013-0003-4"},{"key":"IJSSE.2016100102-17","doi-asserted-by":"publisher","DOI":"10.1049\/ic:20040275"},{"key":"IJSSE.2016100102-18","doi-asserted-by":"publisher","DOI":"10.1007\/s12130-999-1026-0"},{"key":"IJSSE.2016100102-19","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.17"},{"key":"IJSSE.2016100102-20","unstructured":"Robles, G. (2004). A software engineering approach to libre software. Open Source Jahrbuch, 2004."},{"key":"IJSSE.2016100102-21","doi-asserted-by":"crossref","unstructured":"Schryen, G. (2009). Security of open source and closed source software: An empirical comparison of published vulnerabilities.","DOI":"10.1145\/1529282.1529731"},{"key":"IJSSE.2016100102-22","doi-asserted-by":"publisher","DOI":"10.1145\/1529282.1529731"},{"key":"IJSSE.2016100102-23","doi-asserted-by":"publisher","DOI":"10.1109\/ABLAZE.2015.7154992"},{"key":"IJSSE.2016100102-24","article-title":"An analysis of the vulnerability discovery process in web browsers.","author":"S. W.Woo","year":"2006","journal-title":"Proceedings of the 10th IASTED International Conference on Software Engineering and Applications"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=176399","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,17]],"date-time":"2019-09-17T19:56:10Z","timestamp":1568750170000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSSE.2016100102"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2016,10]]},"references-count":25,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2016100102","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,10]]}}}