Vulnerability discovery and remediation is a process that addresses the problem of a system being exploited by intruders. It uses algorithms known as vulnerability discovery models (VDMs), which work together with measures designed to prevent the detection of vulnerabilities or to reduce their impact to a non-critical effect, a process known as vulnerability remediation.
Once software is designed, any existing vulnerabilities can be identified with the help of the following VDM algorithms:
- Anderson thermodynamic model: Originally designed for software reliability. If a number of vulnerabilities are left after executing a specified number of tests, the model assumes that when a vulnerability is encountered it is removed and no new bugs are introduced.
- Alhazmi-Malaiya logistic (AML) model: It assumes three phases in software development: rise, peak, and fall. The attention paid to the software is high and increases until it reaches a peak, then falls when a newer version of the software is made. The rate at which vulnerabilities are discovered is very high at first. It then reaches saturation and starts declining, since most vulnerabilities get fixed in the later stages and less attention is paid to the software.
- Rescorla linear model: Rescorla defined vulnerability detection tests as linear-model and exponential-model statistical tests. In the former, the number of vulnerabilities discovered is divided and computed over fixed periods of time, while in the latter an exponential factor, lambda, is used to compute the vulnerability over the time period.
- Logarithmic Poisson model: It uses a logarithmic set of parameters along with a Poisson curve to determine vulnerability discovery as software development progresses. It is also known as the Musa-Okumoto model.
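As an added example (not part of the original page), the rise, peak, and fall of the AML model can be fitted to a product's cumulative vulnerability counts to estimate how many vulnerabilities remain undiscovered. It uses the model's published closed form, Ω(t) = B / (B·C·e^(−A·B·t) + 1), which the page does not state; the function names, the integer search over B, and the sample counts are assumptions made for this illustration.

```python
import math

def aml_cumulative(t, A, B, C):
    """AML logistic model: cumulative vulnerabilities discovered by time t."""
    return B / (B * C * math.exp(-A * B * t) + 1.0)

def aml_peak_time(A, B, C):
    """Discovery rate A*omega*(B - omega) peaks where omega = B/2."""
    return math.log(B * C) / (A * B)

def fit_aml(times, observed, max_factor=3):
    """Least-squares fit of (A, B, C) to cumulative counts (all > 0).

    For a fixed saturation level B, ln(B/omega - 1) = ln(B*C) - A*B*t is
    linear in t, so each integer candidate B needs only a line fit; the
    candidate with the lowest squared error on the original scale wins.
    """
    n = len(times)
    t_mean = sum(times) / n
    t_var = sum((t - t_mean) ** 2 for t in times)
    best = None
    lo = int(max(observed)) + 1          # B must exceed every observation
    for B in range(lo, max_factor * lo + 1):
        y = [math.log(B / w - 1.0) for w in observed]
        y_mean = sum(y) / n
        slope = sum((t - t_mean) * (v - y_mean) for t, v in zip(times, y)) / t_var
        if slope >= 0:                   # not an S-curve for this B
            continue
        A = -slope / B
        C = math.exp(y_mean - slope * t_mean) / B
        sse = sum((aml_cumulative(t, A, B, C) - w) ** 2
                  for t, w in zip(times, observed))
        if best is None or sse < best[0]:
            best = (sse, A, B, C)
    if best is None:
        raise ValueError("no logistic fit found")
    return {"A": best[1], "B": best[2], "C": best[3], "sse": best[0]}

if __name__ == "__main__":
    # Constructed sample: 36 monthly cumulative counts, rounded to integers,
    # generated from assumed parameters A=0.002, B=100, C=0.5.
    months = list(range(36))
    counts = [round(aml_cumulative(t, 0.002, 100, 0.5)) for t in months]
    fit = fit_aml(months, counts)
    print("estimated total vulnerabilities B:", fit["B"])
    print("estimated still undiscovered:", fit["B"] - counts[-1])
    print("rate peaked near month %.1f" % aml_peak_time(fit["A"], fit["B"], fit["C"]))
```

The estimate of B is only as good as the data: counts taken before the peak leave the saturation level poorly constrained, so a fit on a young product should be treated as a rough bound.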