Title |
---|
Poster: Towards Automated Quantitative Analysis and Forecasting of Vulnerability Discoveries in Debian GNU/Linux |

Abstract |
---|
Quantitative analysis and forecasting of software vulnerability discoveries is important for patching cost and time estimation, and as input to security metrics and risk assessment methodologies. However, as of now, quantitative studies (a) require considerable manual effort, (b) make use of noisy datasets, and (c) are especially challenging to reproduce. In this poster abstract we describe our ongoing work towards quantitative analysis of vulnerabilities in Debian GNU/Linux packages. We focus on the challenges of making the process as automated and reproducible as possible, while collecting good-quality data necessary for the analysis. We then state a number of interesting hypotheses that can be investigated, and present preliminary results. |

Year | DOI | Venue |
---|---|---|
2019 | 10.1145/3319535.3363285 | Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |

Keywords | Field | DocType |
---|---|---|
dataset, open-source software, software security, vulnerabilities | Data science, Computer security, Computer science, Vulnerability | Conference |

ISBN | Citations | PageRank |
---|---|---|
978-1-4503-6747-9 | 0 | 0.34 |

References | Authors |
---|---|
0 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Nikolaos D. Alexopoulos | 1 | 4 | 2.44 |
Rolf Egert | 2 | 9 | 4.19 |
Tim Grube | 3 | 19 | 7.54 |
Max Mühlhäuser | 4 | 1652 | 252.87 |