
Fixing of Faults and Vulnerabilities via Single Patch

Chapter in: Quality, IT and Business Operations

Part of the book series: Springer Proceedings in Business and Economics ((SPBE))

Abstract

Users’ demand for reliable software delivered in virtually zero time has made software development more complex. If the software industry fails to meet these demands, it may face heavy penalties and revenue loss. Developers are under pressure and must work within the resource constraints set by management. Although software goes through various validation (testing) processes before its release, faults and vulnerabilities are still left undetected and later degrade the quality of the product. The only feasible way to address this shortfall after the software is released is patch development. Generally, the patches developed for fixing faults and vulnerabilities are produced in a separate process that requires extra resources, which increases the total development cost and time. In this paper, we propose a cost framework that solves the problem of optimizing the patch release time using two different approaches. The first approach considers the release of a single patch that fixes both faults and vulnerabilities jointly. As the severity of vulnerabilities is much higher than that of faults, the second approach considers the release of two patches, where the first patch fixes both faults and vulnerabilities jointly and the other patch fixes only vulnerabilities. The method is illustrated in detail in the paper. A case study is presented at the end for validation purposes.



Corresponding author: Yogita Kansal


Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

Cite this chapter

Kansal, Y., Kumar, U., Kumar, D., Kapur, P.K. (2018). Fixing of Faults and Vulnerabilities via Single Patch. In: Kapur, P., Kumar, U., Verma, A. (eds) Quality, IT and Business Operations. Springer Proceedings in Business and Economics. Springer, Singapore. https://doi.org/10.1007/978-981-10-5577-5_15
