search menu icon-carat-right cmu-wordmark

Modeling the Operations of the Vulnerability Ecosystem

October 2018 Poster
Allen D. Householder

This poster describes models, metrics, datasets, and key performance indicators developed to improve vulnerability response.

Publisher:

Software Engineering Institute

Abstract

Measuring Vulnerability Response (VR) solely by VM metrics underserves defenders, due to inadequate disclosure practices upstream. This inadequacy highlights a deeper problem: while many defenders are familiar with VM practices, they do not recognize the importance of the Coordinated Vulnerability Disclosure (CVD) process that feeds into it.This work developed models, metrics, datasets, and key performance indicators for VR practices that account for CVD as well as VM.