Location

Hilton Waikoloa Village, Hawaii

Event Website

http://hicss.hawaii.edu/

Start Date

1-3-2018

End Date

1-6-2018

Description

Stakeholders often conduct cyber risk assessments as a first step towards understanding and managing their risks due to cyber use. Many risk assessment methods in use today include some form of vulnerability analysis. Building on prior research and combining data from several sources, this paper develops and applies a metric to estimate the proportion of latent vulnerabilities to total vulnerabilities in a software system and applies the metric to five scenarios involving software on the scale of operating systems. The findings suggest caution in interpreting the results of cyber risk methodologies that depend on enumerating known software vulnerabilities because the number of unknown vulnerabilities in large-scale software tends to exceed known vulnerabilities.

Share

COinS
 
Jan 3rd, 12:00 AM Jan 6th, 12:00 AM

Estimating Software Vulnerability Counts in the Context of Cyber Risk Assessments

Hilton Waikoloa Village, Hawaii

Stakeholders often conduct cyber risk assessments as a first step towards understanding and managing their risks due to cyber use. Many risk assessment methods in use today include some form of vulnerability analysis. Building on prior research and combining data from several sources, this paper develops and applies a metric to estimate the proportion of latent vulnerabilities to total vulnerabilities in a software system and applies the metric to five scenarios involving software on the scale of operating systems. The findings suggest caution in interpreting the results of cyber risk methodologies that depend on enumerating known software vulnerabilities because the number of unknown vulnerabilities in large-scale software tends to exceed known vulnerabilities.

http://aisel.aisnet.org/hicss-51/st/cybersecurity_and_sw_assurance/4