Fast Abstract: Software Selection Based on Quantitative Security Risk Assessment

Multiple software products often exist on the same server and, thus, vulnerability in one product might compromise the entire environment. Therefore security risk assessments of the candidate software products, which are evaluated to be part of a larger system, are important. Having a quantitative s...

Full description

Saved in:
Bibliographic Details
Main Authors: Das, R., Sarkani, S., Mazzuchi, T. A.
Format: Conference Proceeding
Language:English
Subjects:
Modeling
Open source software
quantitative risk assessment
Risk management
Security
software evaluation
software security
Software systems
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Multiple software products often exist on the same server and, thus, vulnerability in one product might compromise the entire environment. Therefore security risk assessments of the candidate software products, which are evaluated to be part of a larger system, are important. Having a quantitative security risk assessment model provides an objective criterion for such assessments as well as comparison between candidate software products. In this paper, we present our preliminary exploration of a software product evaluation method using such a quantitative security risk assessment model. Our goal is to utilize prior research in quantitative security risk assessment, which is based on empirical data from the National Vulnerability Database (NVD), and compare the security risk levels of the products evaluated. We are evaluating the application of topic modeling to build a security risk assessment model. Such a procedure could help decision makers evaluate and compare open-source software (OSS) products to ensure that they are safe and secure enough to be put into their environment.
ISSN:1530-2059
2640-7507
DOI:10.1109/HASE.2012.10