Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis
Authors
Abstract
Vulnerability disclosure is an area of public policy that has been subject to considerable debate, particularly between proponents of full and instant disclosure, and those of limited or no disclosure. This paper is an attempt to empirically test the impact of vulnerability information disclosure and availability of patches on attackers’ tendency to exploit vulnerabilities on one hand and on the vendors’ tendency to release patches on the other. Our results suggest that while vendors are quick to respond to instant disclosure, vulnerability disclosure also increases the frequency of attacks. However, the frequency of attacks decreases over time. We also find that open source vendors patch more quickly than closed source vendors and that large vendors are more responsive.
Related sources
Does information security attack frequency increase with vulnerability disclosure? An empirical analysis
Research in information security, risk management and investment has grown in importance over the last few years. However, without reliable estimates on attack probabilities, risk management is difficult to do in practice. Using a novel data set, we provide estimates on attack propensity and how it changes with disclosure and patching of vulnerabilities. Disclosure of software vulnerability has...
An Empirical Analysis of Software Vendors' Patching Behavior: Impact of Vulnerability Disclosure
One key aspect of better and more secure software is timely and reliable patching of vulnerabilities by software vendors. Recently, software vulnerability disclosure, which refers to the publication of vulnerability information before a patch to fix the vulnerability has been issued by the software vendor, has generated intense interest and debate. In particular, there have been arguments made ...
An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure
A key aspect of better and more secure software is timely patch release by software vendors for the vulnerabilities in their products. Software vulnerability disclosure, which refers to the publication of vulnerability information, has generated intense debate. An important consideration in this debate is the behavior of software vendors. How quickly do vendors patch vulnerabilities and how does di...
An Empirical Analysis of Vendor Response to Disclosure Policy
Software vulnerability disclosure has generated intense interest and debate. In particular, there have been arguments made both in opposition to and in favor of alternatives such as full and instant disclosure and limited or no disclosure. An important consideration in this debate is the behavior of the software vendor. Does vulnerability disclosure policy have an effect on patch release behavi...
Software Vulnerability Disclosure and its Impact on Exploitation: An Empirical Study
In a networked world, computer systems are highly exposed to the attacks of worms / viruses. Many of these attacks stem from the vulnerabilities in the software code. One of the issues that plagues the information security area is the publicly available information about the vulnerabilities in popular software applications. This information has been put to good as well as bad use by people in t...