Vulnerability Discovery and Remediation

What Does Vulnerability Discovery and Remediation Mean?

Vulnerability discovery and remediation is a process that addresses the problem of a system being exploited by intruders. It combines algorithms known as vulnerability discovery models (VDMs), which describe the rate at which vulnerabilities are found over a product's lifetime, with measures designed to prevent discovered vulnerabilities from being exploited or to reduce their impact to a non-critical level, a step known as vulnerability remediation.


Techopedia Explains Vulnerability Discovery and Remediation

Once software is designed, any existing vulnerabilities can be identified with the help of the following VDM algorithms:

  • Anderson thermodynamic model: Originally designed for software reliability. It assumes that some number of vulnerabilities remain after a specified number of tests have been executed, that each vulnerability is removed as soon as it is encountered, and that no new bugs are introduced in the process.
  • Alhazmi-Malaiya logistic (AML) model: It assumes three phases in a software product's life: rise, peak and fall. The attention paid to the software is high at release and increases until it reaches a peak, then falls when a newer version of the software is released. The rate at which vulnerabilities are discovered follows the same curve: it rises steeply, reaches saturation and then declines, since most vulnerabilities get fixed in the later stages and less attention is paid to the software.
  • Rescorla linear model: Rescorla defined two statistical tests for vulnerability discovery, a linear model and an exponential model. In the former, the number of vulnerabilities discovered is computed over fixed periods of time; in the latter, an exponential factor, lambda, is used to compute the number of vulnerabilities over the time period.
  • Logarithmic Poisson model: It uses a logarithmic set of parameters along with a Poisson curve to determine vulnerability discovery as software development progresses. It is also known as the Musa-Okumoto model.
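The AML model above is the one most often fitted to real discovery data, so here is an added worked example (not from the Techopedia entry) that implements its cumulative curve, locates the peak of the discovery rate, maps a point in time onto the rise/peak/fall phases, and fits the model's constants to a constructed series of vulnerability counts. It assumes the published form of the AML model, Ω(t) = B / (B·C·e^(−ABt) + 1), where B is the total number of vulnerabilities eventually found and A and C are fitted constants; the sample counts are generated from that formula so the fit can be checked.

```python
import math

def aml_cumulative(t, A, B, C):
    """AML model: expected cumulative vulnerabilities discovered by time t.
    B is the total eventually found; A and C are constants fitted to data."""
    return B / (B * C * math.exp(-A * B * t) + 1.0)

def aml_rate(t, A, B, C):
    """Discovery rate dOmega/dt = A * Omega * (B - Omega): low right after
    release, highest at the peak, low again once most bugs are found."""
    omega = aml_cumulative(t, A, B, C)
    return A * omega * (B - omega)

def aml_peak_time(A, B, C):
    """Time of peak discovery rate, where Omega = B/2: t = ln(B*C) / (A*B)."""
    return math.log(B * C) / (A * B)

def aml_phase(t, A, B, C, tolerance=1.0):
    """Map a point in time onto the three phases: rise, peak, fall."""
    peak = aml_peak_time(A, B, C)
    if abs(t - peak) <= tolerance:
        return "peak"
    return "rise" if t < peak else "fall"

def fit_aml(observations, B, A_grid, C_grid):
    """Least-squares grid search for A and C with B fixed, over a list of
    (time, cumulative_count) observations. Returns (A, C)."""
    best = None
    for A in A_grid:
        for C in C_grid:
            sse = sum((aml_cumulative(t, A, B, C) - n) ** 2 for t, n in observations)
            if best is None or sse < best[0]:
                best = (sse, A, C)
    return best[1], best[2]

# Constructed sample: a product with 100 vulnerabilities, counted every 10 days.
# The counts are generated from the model itself so the fit can be checked.
TRUE_A, TRUE_B, TRUE_C = 0.001, 100, 1.0
OBSERVED = [(t, aml_cumulative(t, TRUE_A, TRUE_B, TRUE_C)) for t in range(0, 101, 10)]

if __name__ == "__main__":
    A, C = fit_aml(OBSERVED, TRUE_B, [0.0005, 0.001, 0.002], [0.5, 1.0, 2.0])
    peak = aml_peak_time(A, TRUE_B, C)
    print(f"fitted A={A}, C={C}; peak discovery rate on day {peak:.1f}")
    for t in (10.0, peak, 90.0):
        found = aml_cumulative(t, A, TRUE_B, C)
        print(f"day {t:5.1f}: {found:5.1f} found, phase={aml_phase(t, A, TRUE_B, C)}")
```

For a defender, the useful output is the fitted peak and saturation: B minus the current count is the expected number of vulnerabilities still undiscovered, which is the exposure that remediation planning has to budget for.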

Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.