Name
Abstract | ||
|---|---|---|
This experience report analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. An aggregated vulnerability database has been developed by joining vulnerability records from two publicly available vulnerability databases: the Common Vulnerabilities and Exposures system (CVE) and the National Vulnerabilities database (NVD). The aggregated data allow us to investigate the stages of the vulnerability life cycle, vulnerability disclosure and the elimination statistics for different operating systems. The specific technical areas the paper covers are the quantitative assessment of vulnerabilities discovered and fixed in operating systems, the estimation of time that vendors spend on patch issuing, and the analysis of the vulnerability criticality and identification of vulnerabilities common for different operating systems. |
Year | DOI | Venue |
|---|---|---|
2017 | 10.1109/ISSRE.2017.20 | 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE) |
Keywords | Field | DocType |
security,vulnerability,operating systems,vulnerability databases,days-of-risk,forever-day vulnerabilities,vulnerability life cycle,vulnerability statistics | Common Vulnerabilities and Exposures,Computer science,Computer security,Vulnerability disclosure,Server,Report study,Quantitative assessment,Operating system,Vulnerability | Conference |
ISSN | ISBN | Citations |
1071-9458 | 978-1-5386-0942-2 | 0 |
PageRank | References | Authors |
0.34 | 4 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Anatoliy Gorbenko | 1 | 91 | 12.13 |
| Alexander Romanovsky | 2 | 824 | 80.19 |
| Olga Tarasyuk | 3 | 47 | 6.44 |
| Oleksandr Biloborodov | 4 | 0 | 0.68 |