Vulnerability Patch Modeling

Abstract

The Information Technology products are suffering from various security issues due to the flaws residing in the software system. These flaws allow the violations of security policy and leads into vulnerability. Once the associated user discovers vulnerability the number of intrusions increases until the vendor releases a patch. The patching process helps in maintaining the stability of the software and reduces the probability of damage potential. Even after diffusion and installation whether the patch has successfully removed the vulnerability or not is of great importance. Patch failures creates more vulnerabilities and leads into disaster for developing organizations and users. Thus the success rate of patch is also an unavoidable factor on the basis of which the intrusion rate can be judged. Here in this paper we propose a vulnerability patch modeling that addresses the patching of vulnerabilities that are either discovered by external user or internal user. We also discuss after installation what leads a patch towards failure and what will be its impact on an intact system. The model also provides measures to estimate the potential unsuccessful patch rate that will help developers in logistic planning while patch development. We have used three datasets of different domain to validate the model. A numerical with different goodness of fit criteria is also illustrated in the paper.