A1 Refereed original research article in a scientific journal
Modeling the Delivery of Security Advisories and CVEs
Authors: Ruohonen J, Hyrynsalmi S, Leppanen V
Publisher: COMSIS CONSORTIUM
Publication year: 2017
Journal: Computer Science and Information Systems
Journal name in source: COMPUTER SCIENCE AND INFORMATION SYSTEMS
Journal acronym: COMPUT SCI INF SYST
Volume: 14
Issue: 2
First page : 537
Last page: 555
Number of pages: 19
ISSN: 1820-0214
eISSN: 2406-1018
DOI: https://doi.org/10.2298/CSIS161010010R
Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/26884177
This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.
Downloadable publication This is an electronic reprint of the original article. |  |
