Modeling the Delivery of Security Advisories and CVEs - UTU Tutkimustietojärjestelmä

A1 Vertaisarvioitu alkuperäisartikkeli tieteellisessä lehdessä

Modeling the Delivery of Security Advisories and CVEs

Tekijät: Ruohonen J, Hyrynsalmi S, Leppanen V

Kustantaja: COMSIS CONSORTIUM

Julkaisuvuosi: 2017

Journal: Computer Science and Information Systems

Tietokannassa oleva lehden nimi: COMPUTER SCIENCE AND INFORMATION SYSTEMS

Lehden akronyymi: COMPUT SCI INF SYST

Vuosikerta: 14

Numero: 2

Aloitussivu: 537

Lopetussivu: 555

Sivujen määrä: 19

ISSN: 1820-0214

eISSN: 2406-1018

DOI: https://doi.org/10.2298/CSIS161010010R

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/26884177

Tiivistelmä

This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.

Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.

1820-02141700010R.pdf