Author(s)

Sasith M. Rajasooriya^*, Chris P. Tsokos, Pubudu Kalpani Kaluarachchi

Department of Mathematics and Statistics, University of South Florida, Tampa, Florida, USA.

The objective of the present study is to propose a risk evaluation statistical model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes the advantage. Utilizing the proposed model one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring of the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.

Stochastic Modelling, Security, Risk Evaluation, Vulnerability Life Cycle, Risk Factor

Rajasooriya, S. , Tsokos, C. and Kaluarachchi, P. (2016) Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation. Journal of Information Security, 7, 269-279. doi: 10.4236/jis.2016.74022.