Title: Vulnerability distribution scoring for software product security assessment

Authors: Hassan Rasheed

Addresses: Taif University, Taif, Saudi Arabia

Abstract: Objective and measurable enterprise security remains elusive despite the increasing importance of IT security in many organisations. Some security assurance tasks within the field are subject to significant theoretical and technical challenges. One area in which progress is more tangible is software security assessment. Despite some shortcomings in the available data, there is still enough information available to begin making more detailed analyses which can improve decision making on enterprise security. The current study presents an approach for software security assessment called Vulnerability Distribution Scoring, which evaluates a software product based on the characteristics of the vulnerabilities it has exhibited. Results are presented from applying the approach to the National Vulnerability Database (NVD) and demonstrate an effective means of rating the security of software products and software vendors.

Keywords: software security assessment; enterprise security; software vulnerability analysis; software vulnerabilities; software products; software vendors.

DOI: 10.1504/IJICS.2014.066653

International Journal of Information and Computer Security, 2014 Vol. 6 No. 3, pp. 270-285

Accepted: 11 Jul 2014
Published online: 14 Jan 2015
