11 Nov/09
Vulnerability Engineering
In this article we are going to take some metrics from Software Engineering and apply them to the world of Vulnerability Research. We are going to define a new term that gives us a probability of how likely an application is to have a vulnerability during its lifetime, and that also gives an idea of the Software Reliability.
Let's start defining two well-known metrics MTTR and MTBF but within our context:
- MTTR (Mean Time To Repair): the average time a company takes to fix a vulnerability.
- MTBF (Mean Time Between Failures): we are going to use this metric as the average time between two reported vulnerabilities.
Software Reliability can be calculated by the following formula:
[formula image missing from the page]
To give perspective to the article, we name this value VFP (Vulnerability Free Probability), which shows how likely an application is NOT to have a bug during its lifetime.
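As an added example that is not part of the original article, the script below computes MTTR and MTBF, as defined above, from a constructed list of vulnerability reports for a hypothetical application. The article's formula image did not survive, so the VFP value here uses the classic availability ratio MTBF / (MTBF + MTTR); that choice is an assumption of this example and may differ from the author's formula. The record format, identifiers and dates are all constructed.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean


@dataclass(frozen=True)
class VulnRecord:
    """One reported vulnerability: when it was reported and when the fix shipped."""
    vuln_id: str
    reported: date
    fixed: date

    def __post_init__(self) -> None:
        # A fix cannot ship before the report; reject malformed input early.
        if self.fixed < self.reported:
            raise ValueError(f"{self.vuln_id}: fix date precedes report date")


# Constructed sample data for a hypothetical application (not real advisories).
SAMPLE_RECORDS = [
    VulnRecord("EX-2009-001", date(2009, 1, 5), date(2009, 1, 25)),   # 20 days to fix
    VulnRecord("EX-2009-002", date(2009, 3, 1), date(2009, 3, 11)),   # 10 days to fix
    VulnRecord("EX-2009-003", date(2009, 4, 15), date(2009, 5, 15)),  # 30 days to fix
    VulnRecord("EX-2009-004", date(2009, 7, 1), date(2009, 7, 13)),   # 12 days to fix
]


def mttr_days(records):
    """Mean Time To Repair: average number of days between report and fix."""
    if not records:
        raise ValueError("MTTR needs at least one record")
    return float(mean([(r.fixed - r.reported).days for r in records]))


def mtbf_days(records):
    """Mean Time Between Failures: average number of days between consecutive reports."""
    if len(records) < 2:
        raise ValueError("MTBF needs at least two records")
    reported = sorted(r.reported for r in records)
    gaps = [(later - earlier).days for earlier, later in zip(reported, reported[1:])]
    return float(mean(gaps))


def vfp(mtbf, mttr):
    """Vulnerability Free Probability under the assumed ratio MTBF / (MTBF + MTTR).

    A long gap between reports and a short repair time push the value towards 1.
    """
    if mtbf < 0 or mttr < 0 or mtbf + mttr == 0:
        raise ValueError("MTBF and MTTR must be non-negative and not both zero")
    return mtbf / (mtbf + mttr)


def summarize(records):
    """Compute all three metrics for a list of VulnRecord objects."""
    m_ttr = mttr_days(records)
    m_tbf = mtbf_days(records)
    return {"mttr_days": m_ttr, "mtbf_days": m_tbf, "vfp": vfp(m_tbf, m_ttr)}


if __name__ == "__main__":
    s = summarize(SAMPLE_RECORDS)
    print(f"MTTR = {s['mttr_days']:.1f} days, "
          f"MTBF = {s['mtbf_days']:.1f} days, VFP = {s['vfp']:.3f}")
```

With the constructed data the four repairs average 18 days and the three gaps between reports (55, 45 and 77 days) average 59 days, giving a VFP of about 0.766 under the assumed ratio. Feeding real advisory dates from a vendor's published fixes into `SAMPLE_RECORDS` is all that is needed to track how the metrics move over time.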
