Applying Software Security Growth Model to Web Browser Software

Traditional software reliability growth models limit consideration of software reliability metrics to software testing and defect data only. In contrast, vulnerability discovery models consider post-release vulnerability data and apply software reliability growth models to future software versions. However, vulnerability data are sparse and are a subset of all undiscovered vulnerabilities, which results in overestimated vulnerability predictions for the next software release. Providing a secure software release within a stipulated time is challenging for developers, managers, and software testers. In this research, we consider the application of traditional software reliability growth models to study software security and develop software security growth models. This would allow researchers and program managers to quantitatively track software security growth over time and identify software release readiness.

Saikath Bhattacharya is a postdoctoral research scholar at the NSA Science of Security Lablet at North Carolina State University. He completed his Ph.D. at the Dependable Software and Systems Lab, Dept. of Electrical and Computer Engineering, at the University of Massachusetts Dartmouth. His primary research focuses on mathematical models for studying software reliability engineering and software security metrics.

 

License: CC-2.5
Submitted by Saikath Bhattacharya on