Theses and Dissertations

Issuing Body

Mississippi State University


Vaughn, Rayford

Committee Member

Dampier, David

Committee Member

Bridges, Susan

Date of Degree


Document Type

Graduate Thesis - Open Access


Computer Science

Degree Name

Master of Science


James Worth Bagley College of Engineering


Department of Computer Science and Engineering


Vulnerability in software receives constant attention in the media and in research. Yearly rates of disclosure of vulnerabilities in software have doubled. The discipline of Information Assurance lacks metrics that are useful in understanding vulnerability. In the problem of vulnerability assessment tool selection, users must make product choices based on results found in non-peer reviewed publications or subjective opinion. Users of vulnerability assessment tools must sift through volumes of data about their systems and are shown broad indications of the severity of the problems ? often a high-medium-low ranking, which varies between tools. A need exists for metrics and a selection model for tool quality assessment. This study addresses these needs by analysis of the discipline of vulnerability assessment and remediation from first principles, and presents an organized approach and a bestit metrics based model for selecting vulnerability assessment tools.