Mitigating Vulnerability Risks in Cybersecurity Using Predictive Measures

Richmond Adebiaye

Abstract

The number of vulnerability attacks and the ease with which an attack can be perpetrated have increased as the software industry and Internet use have grown. Researchers have discovered a lack of established procedures for the analysis and collection of data errors generated during software development. Under such conditions, from a software developer's perspective, releasing secured products may not be feasible, as vulnerabilities are likely to be discovered. Given that no software currently in existence is guaranteed to be free of vulnerability risk, it is critical to understand vulnerability risk prediction and prevention measures. This study examines vulnerability risks using statistical predictive design measures based on software characteristics. The study tests the severity, frequency and diversity of vulnerability risks. Prediction capabilities were examined and tested using a survey methodology to collect data from IT practitioners and an analysis of publicly available vulnerability risk information. The study yielded cogent insights and provided clear perspectives on vulnerability risks and on how software characteristics can be used as predictive measures to identify security holes. The study will ultimately help IT and Information Security experts to understand the frequency and severity of vulnerability risks and to proffer solutions during software development.

