iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > Software Flaws Can Be Predicted
Search:
[ news_security_news ]

Software Flaws Can Be Predicted



David Utter
Staff Writer
2006-07-03

SecurityProNews: Insider Reports Insider Reports RSS Feed


A model developed at Colorado State University can make more accurate estimates of the number and severity of vulnerabilities a piece of software may contain.

The problems that develop with operating systems and other software applications force their manufacturers into a constant race with malicious crackers to patch those issues before they can become exploited.

According to Yashwant K. Malaiya, a CSU professor in the Department of Computer Sciences who was cited in a PhysOrg report, it is impossible to code something like Windows XP and have it be vulnerability-free. A model that can predict when patches will be needed would help programmers be prepared to develop and deploy them in a shorter period of time.

Citing CERT, the report noted 5,198 vulnerabilities were discovered in 2005. "Each individual vulnerability discovered can be widely reported to the public, and in some cases, it has caused the value of the stock of the company to drop," Malaiya said in the article.

The professor's group at CSU has developed a pair of complementary models for vulnerability prediction. The Alhazmi-Malaiya Logistic model projects the rate of vulnerabilities detected, as well as estimating the number of flaws per 1,000 lines of code.

Information released by CSU indicates the model has enjoyed some success. Using the model, researcher predicted that Red Hat Linux 6.2 would have few new vulnerabilities found; that number has remained unchanged at 117 despite the period of time that older version of Red Hat has been in existence.

The model also predicted in 2005 the number of Windows XP vulnerabilities reported would rapidly increase. The increase from 88 in January 2005 to the latest count of 173 apparently made XP's "vulnerability density" comparable to earlier Windows versions.

---
Tag:

Add to Del.icio.us | Digg | Yahoo! My Web | Furl

Get all the updates in RSS:




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2009 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds