Derivation of metrics for effective evaluation of vulnerability assessment technology

Author

Darwin Edward Ammala

Issuing Body

Mississippi State University

Advisor

Vaughn, Rayford

Committee Member

Dampier, David

Committee Member

Bridges, Susan

Date of Degree

5-8-2004

Document Type

Graduate Thesis - Open Access

Major

Computer Science

Degree Name

Master of Science

College

James Worth Bagley College of Engineering

Department

Department of Computer Science and Engineering

Abstract

Vulnerability in software receives constant attention in the media and in research. Yearly rates of disclosure of vulnerabilities in software have doubled. The discipline of Information Assurance lacks metrics that are useful in understanding vulnerability. In the problem of vulnerability assessment tool selection, users must make product choices based on results found in non-peer reviewed publications or subjective opinion. Users of vulnerability assessment tools must sift through volumes of data about their systems and are shown broad indications of the severity of the problems ? often a high-medium-low ranking, which varies between tools. A need exists for metrics and a selection model for tool quality assessment. This study addresses these needs by analysis of the discipline of vulnerability assessment and remediation from first principles, and presents an organized approach and a bestit metrics based model for selecting vulnerability assessment tools.

URI

https://hdl.handle.net/11668/16392

Recommended Citation

Ammala, Darwin Edward, "Derivation of metrics for effective evaluation of vulnerability assessment technology" (2004). Theses and Dissertations. 1285.
https://scholarsjunction.msstate.edu/td/1285