| Software security vulnerability discovery model(VDM)has been widely used and studied as an important part of software dynamic defect prediction technology.The existing models have varies fitting accuracies,and most of the models are bases on the lifetime of the software vulnerabilities.This paper proposed a new VDM and the method of describing the discovery process after software release.This paper analyzed five typical vulnerability discovery models and summarized the discovery process of the software security vulnerabilities based on its basic conception,research status and VDM.Based on a widely used in predicting gas capacity model,this paper proposed a new VDM called R-ExM model which based on exponential growth.The model calculated the cumulative number of defects after released and the coefficients for the model.Then describe the process of vulnerabilities.This model is proposed based on the relationship of the ratio of the defects discovery rate and the cumulative defects which have a good Semi-logarithmic relationship.In the early process of vulnerable discovery,proposed a method of how to evaluate the process of the defect discovery which based on least squares.This method can describe the process of vulnerabilities accurately.This paper uses Windows XP,Apache Web Server,Windows Server 2003 and IIS to examine the validity of the R-ExM.And use insufficient data to examine the method based on least squares.At last,compare with WBM using same data to examine the validity of the model. |
PDF Full Text Request