Modeling uncertainty in software vulnerability management: a time-dependent approach to address fluctuations in discovery rates
摘要
The vulnerability discovery rate is influenced by various dynamic factors, resulting in significant variations that challenge consistent security assessments. This paper examines the key reasons for these fluctuations, including changes in scanning tools, infrastructure, evolving threat landscapes, and various uncertain conditions such as system load and network configurations. Recognizing the critical impact of these factors, the authors propose an uncertainty-based mathematical model for vulnerability discovery. The model integrates the time-dependent nature of the uncertainty function to predict and adjust discovery rates effectively. Through comprehensive analysis on various real-life vulnerability data sets, the proposed model demonstrated its capability to cater the impact of uncertainty in the discovery rate. Results obtained are backing the idea of fluctuations in discovery rates due to random factors, confirming the model's applicability. This work provides a robust framework for enhancing discovery reliability and supports security practitioners in addressing the challenges of dynamic environments.