Exploring the Clustering of Software Vulnerability Disclosure Notifications Across Software Vendors
| dc.contributor.author | Jukka Ruohonen | |
| dc.contributor.author | Johannes Holvitie | |
| dc.contributor.author | Sami Hyrynsalmi | |
| dc.contributor.author | Ville Leppänen | |
| dc.contributor.organization | fi=ohjelmistotekniikka|en=Software Engineering| | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.71310837563 | |
| dc.contributor.organization-code | 2610302 | |
| dc.converis.publication-id | 18410007 | |
| dc.converis.url | https://research.utu.fi/converis/portal/Publication/18410007 | |
| dc.date.accessioned | 2022-10-28T14:10:56Z | |
| dc.date.available | 2022-10-28T14:10:56Z | |
| dc.description.abstract | <p>This exploratory empirical paper investigates annual time delays between vulnerability disclosure notifications and acknowledgments by means of network analysis. These delays are approached through a potential clustering effect of vulnerabilities across software vendors. The analysis is based on a projection from bipartite vendor-vulnerability structures to one-mode vendor-vendor networks, while the hypothesized clustering effect is approached with a conventional community detection algorithm. According to the results, (a) vulnerabilities<br />cluster across vendors, (b) which also explains a portion of the time delays, although (c) the clustering is not stable annually. The computed network (d) clusters can be also interpreted by reflecting these against common software security attack surfaces. The ressults can be used to contemplate (e) practical means with<br />which the efficiency of vulnerability disclosure could be improved.<br /></p> | |
| dc.format.pagerange | 1 | |
| dc.format.pagerange | 8 | |
| dc.identifier.eisbn | 978-1-5090-4320-0 | |
| dc.identifier.isbn | 978-1-5090-4321-7 | |
| dc.identifier.issn | 2161-5322 | |
| dc.identifier.olddbid | 186753 | |
| dc.identifier.oldhandle | 10024/169847 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/39775 | |
| dc.identifier.url | http://ieeexplore.ieee.org/document/7945696/ | |
| dc.identifier.urn | URN:NBN:fi-fe2021042716331 | |
| dc.language.iso | en | |
| dc.okm.affiliatedauthor | Ruohonen, Jukka | |
| dc.okm.affiliatedauthor | Holvitie, Johannes | |
| dc.okm.affiliatedauthor | Hyrynsalmi, Sami | |
| dc.okm.affiliatedauthor | Leppänen, Ville | |
| dc.okm.discipline | 113 Computer and information sciences | en_GB |
| dc.okm.discipline | 113 Tietojenkäsittely ja informaatiotieteet | fi_FI |
| dc.okm.internationalcopublication | not an international co-publication | |
| dc.okm.internationality | International publication | |
| dc.okm.type | A4 Conference Article | |
| dc.publisher.country | United States | en_GB |
| dc.publisher.country | Yhdysvallat (USA) | fi_FI |
| dc.publisher.country-code | US | |
| dc.publisher.place | New York | |
| dc.relation.conference | International Conference on Computer Systems and Applications | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/169847 | |
| dc.title | Exploring the Clustering of Software Vulnerability Disclosure Notifications Across Software Vendors | |
| dc.title.book | Proceedings of 13th ACS/IEEE International Conference on Computer Systems and Applications AICCSA 2016 | |
| dc.year.issued | 2016 |
Tiedostot
1 - 1 / 1
Ladataan...
- Name:
- vulnet.pdf
- Size:
- 742.18 KB
- Format:
- Adobe Portable Document Format
- Description:
- Final draft