Software risk assessment method based on defect analysis

A risk assessment and defect analysis technology, applied in the field of platform integrity maintenance among others, that addresses problems such as the probability of risk occurrence and the degree of harm affecting the accuracy of software security assessment, errors in software risk assessment, and difficulty of quantification.

Active Publication Date: 2013-10-23
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

[0005] An analysis of some traditional risk assessment models finds that they have the following problems:
1) Many steps in the risk assessment process require the participation of experts and rely on the subjective experience of security experts, so some elements are difficult to quantify, especially the probability of risk occurrence, which directly affects the accuracy of software security assessment.
2) Many existing risk assessment models double-count risk events, which leads to large errors in software risk assessment.

Examples

Embodiment Construction

[0060] The software evaluation method of the present invention adopts the Analytic Hierarchy Process (AHP) to determine the weight values of the elements required in the risk evaluation process, and conducts a consistency check on them. By analyzing the many-to-many relationship between the functional modules and defects of the evaluated software, and the many-to-many relationship between defects and consequence attributes, the overall risk value of the software is calculated using the weighted average method, which avoids double counting of risk events to the greatest extent.

[0061] Table 1: 1-9 scale method and its meaning

[0062]

| Value | Quantification of comparison results |
|---|---|
| 1 | Of equal importance |
| 3 | Slightly important |
| 5 | Obviously important |
| 7 | Much more important |
| 9 | Extremely important |
| 2, 4, 6, 8 | A compromise between the above two adjacent judgments |
| The reciprocal of the above numbers | Inverse comparison |

Abstract

The invention discloses a software risk assessment method based on defect analysis. The method comprises the following steps: obtaining the input data and input relationships required for risk calculation through software asset identification, defect analysis and consequence attribute evaluation; calculating the consequence attribute factors of the consequence attributes in the functional modules; calculating the risk degree sumRtk of each consequence attribute for the whole software, as the weighted mean of the risk degrees of the consequence attributes according to the weights (pwti) of the functional modules of the software; calculating the overall risk value of the software, as the weighted mean of the whole-software risk degrees of the consequence attributes according to the weights (rwtk) of the consequence attributes, which gives the final risk value Risk of the software; and evaluating the risk level, obtaining the risk level of the software from the risk value Risk as the assessment result. The method addresses the problem that, in most current risk assessment models, the assignment of risk elements relies heavily on expert opinion and some assignments cannot be quantified. The method also avoids repeated risk calculation to the greatest extent.
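The calculation chain named in the abstract (AHP weights with a consistency check, then the two weighted means) can be sketched as follows. This is an added example, not code from the patent: the pairwise matrices and the per-module risk degrees are constructed sample data, the per-module risk degrees are taken as given input because their derivation from defects is not shown on this page, and the consistency check uses Saaty's standard ratio CR < 0.1.

```python
# Added example; every matrix and risk degree below is constructed sample data.
RI = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}  # Saaty random index

def ahp_weights(m, iters=100):
    """Return (weights, consistency ratio) for a 1-9 scale pairwise matrix (n <= 9)."""
    n = len(m)
    for i in range(n):
        for j in range(n):
            if abs(m[i][j] * m[j][i] - 1.0) > 1e-9:
                raise ValueError(f"m[{j}][{i}] must be the reciprocal of m[{i}][{j}]")
    w = [1.0 / n] * n
    for _ in range(iters):  # power iteration converges to the principal eigenvector
        v = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(v)
        w = [x / total for x in v]
    mw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(mw[i] / w[i] for i in range(n)) / n  # estimate of lambda_max
    cr = ((lam - n) / (n - 1)) / RI[n] if n > 2 else 0.0
    return w, cr

def software_risk(module_matrix, attr_matrix, r, cr_limit=0.1):
    """r[i][k]: risk degree of consequence attribute k in module i (assumed input)."""
    pwt, cr_p = ahp_weights(module_matrix)  # pwt[i]: functional module weights
    rwt, cr_r = ahp_weights(attr_matrix)    # rwt[k]: consequence attribute weights
    if max(cr_p, cr_r) >= cr_limit:
        raise ValueError("pairwise judgments fail the consistency check")
    # sumRt[k]: weighted mean over modules, so each module/attribute pair counts once
    sum_rt = [sum(pwt[i] * r[i][k] for i in range(len(pwt))) for k in range(len(rwt))]
    risk = sum(rwt[k] * sum_rt[k] for k in range(len(rwt)))
    return sum_rt, risk

# Constructed sample: three functional modules, three consequence attributes.
MODULES = [[1, 3, 5], [1 / 3, 1, 3], [1 / 5, 1 / 3, 1]]
ATTRS = [[1, 2, 4], [1 / 2, 1, 2], [1 / 4, 1 / 2, 1]]
R_DEGREES = [[0.8, 0.4, 0.2], [0.3, 0.6, 0.1], [0.1, 0.2, 0.9]]
# Circular preferences (A > B > C > A): must be rejected by the consistency check.
INCONSISTENT = [[1, 9, 1 / 9], [1 / 9, 1, 9], [9, 1 / 9, 1]]

if __name__ == "__main__":
    sum_rt, risk = software_risk(MODULES, ATTRS, R_DEGREES)
    print("sumRt per attribute:", [round(x, 3) for x in sum_rt])
    print("Risk:", round(risk, 3))
```
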

Description

Technical field

[0001] The invention relates to the trusted computing field; in particular, it relates to a software risk assessment method.

Background technique

[0002] With the rapid development of the software industry and its rapid spread over the network, the security of software products has received more and more attention. How, then, can the level of software security be evaluated? Software risk assessment techniques provide a basis for evaluating software security. Software risk assessment uses scientific methods and means, from the perspective of risk management, to systematically analyze the threats faced by a software product and its existing vulnerabilities, and to evaluate the degree of harm that may be caused by a security defect event, so as to address the risk or control it at an acceptable level, and thereby provide a scientific basis for maximum protection of software security.

[0003] In human social and economic activities and daily life, the word ris...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
Inventor: 李晓红吴晓菲韩卓兵胡静朱明悦杜长霄
Owner: TIANJIN UNIV