Software Vulnerability and Application Security Risk
Abstract
This research investigates the software vendor-based relationships between software vulnerability and application security risk. The data is obtained from the China National Vulnerability Database of Information Security (CNNVD). At first, we use the latent class model to classify the software vendors into three categories, and then employ regression models to estimate relationships between software vulnerability and application security risk for each of the three categories of the software vendors. The results show the relationships vary across the software vendors. The findings suggest that an IT vendor should learn specific vulnerability features according to its type to effectively avoid vulnerability generation on their products.
Faculty Members
- Jianping Peng - Sun Yat-Sen University, Guang Zhou, China
- Meiwen Guo - Xinhua College of Sun Yet-Sen University, Guang Zhou, China
- Jing Quan - Salisbury University, Salisbury, USA
Themes
- IT Vendor Relationships
- Application Security Risk
- Information Security
- Software Vulnerability
Categories
- Engineering technologies
- Computer and information sciences
- Computer science
- Electrical and computer engineering nec
- Electrical and computer engineering
- Engineering technologies nec
- Computer and information sciences, other
- Informatics and information technology
- Computer and information sciences, general
- Engineering