4 research outputs found

    Models for Testing Modifiable Systems

    The work describes reliability and security growth models for modifiable software systems as a result of revisions and tests performed for specified input data areas. The work shows that the known reliability growth models are of the monotonically increasing type, which is not in line with current multi-version team technologies of software development that are primarily based on open-source code. The authors suggest new non-monotonically increasing models of software reliability evaluation and planning that allow taking into account the effect of decreased reliability resulting from updates or wavefront errors. The work describes the elaborated bigeminal and generic reliability evaluation model as well as the models and test planning procedures. The work includes calculated expressions for the evaluation of the model accuracy and shows that the developed models are adequate to real data. An example is given of the transition from probability models to fuzzy models in the case of incomplete basic data. The work provides general recommendations for the selection of software tool testing models.

    Periodic Monitoring and Recovery of Resources in Information Systems

    This section deals with the issues of business continuity and recovery after disasters. The authors analyzed standards, laws, and regulations pertaining to the parameters of periodic monitoring and recovery in information systems. This section includes mathematical models of periodic monitoring of resources and the environment as well as periodic backup and recovery after interruptions or disasters. The work demonstrates that the well-known deterministic periodic monitoring and backup models do not fully take into account the stochastic peculiarities of ergatic systems. The authors developed new stochastic models of restricted monitoring and backup that allow taking into consideration resource constraints and random factors of information systems operation. The notion of a Bernoulli stream has been introduced. This section suggests the criteria for selecting deterministic or stochastic monitoring and backup models and their combinations. A solution to the direct and reverse tasks of calculating the frequency of control and monitoring procedures is offered. This section also provides a methodology for information system stability management, considering periodic monitoring, rollback, and recovery in case of interruption.

    THE EXPERIENCE OF COMPARISON OF STATIC SECURITY CODE ANALYZERS

    This work presents a methodological approach to the comparison of static security code analyzers. It substantiates the comparison of the static analyzers as to efficiency and functionality indicators, which are stipulated in the international regulatory documents. The test data for assessment of static analyzer efficiency is represented by synthetic sets of open-source software, which contain vulnerabilities. We substantiated certain criteria for quality assessment of the static security code analyzers subject to standards NIST SP 500-268 and SATEC. We carried out experiments that allowed us to assess a number of the Russian proprietary software tools and open-source tools. We came to the conclusion that it is of paramount importance to develop a Russian regulatory framework for testing software security (firstly, for controlling undocumented features) and evaluating the quality of static security code analyzers.