Modeling the Delivery of Security Advisories and CVEs

Jukka Ruohonen; Sami Hyrynsalmi; Ville Leppänen

Geodesic

Parcourir par

Modeling the Delivery of Security Advisories and CVEs

Jukka Ruohonen ; Sami Hyrynsalmi ; Ville Leppänen

Computer Science and Information Systems, Tome 14 (2017) no. 2.

Voir la notice de l'article provenant de la source Computer Science and Information Systems website

Résumé

This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.

Keywords: security patching, vulnerability life cycle, negative result

@article{CSIS_2017_14_2_a12,
     author = {Jukka Ruohonen and Sami Hyrynsalmi and Ville Lepp\"anen},
     title = {Modeling the {Delivery} of {Security} {Advisories} and {CVEs}},
     journal = {Computer Science and Information Systems},
     publisher = {mathdoc},
     volume = {14},
     number = {2},
     year = {2017},
     url = {http://geodesic.mathdoc.fr/item/CSIS_2017_14_2_a12/}
}

TY  - JOUR
AU  - Jukka Ruohonen
AU  - Sami Hyrynsalmi
AU  - Ville Leppänen
TI  - Modeling the Delivery of Security Advisories and CVEs
JO  - Computer Science and Information Systems
PY  - 2017
VL  - 14
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/CSIS_2017_14_2_a12/
ID  - CSIS_2017_14_2_a12
ER  -

%0 Journal Article
%A Jukka Ruohonen
%A Sami Hyrynsalmi
%A Ville Leppänen
%T Modeling the Delivery of Security Advisories and CVEs
%J Computer Science and Information Systems
%D 2017
%V 14
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/CSIS_2017_14_2_a12/
%F CSIS_2017_14_2_a12

Jukka Ruohonen; Sami Hyrynsalmi; Ville Leppänen. Modeling the Delivery of Security Advisories and CVEs. Computer Science and Information Systems, Tome 14 (2017) no. 2. http://geodesic.mathdoc.fr/item/CSIS_2017_14_2_a12/