A Mixed Methods Probe into the Direct Disclosure of Software Vulnerabilities

Ruohonen Jukka; Hyrynsalmi Sami; Leppänen Ville

A Mixed Methods Probe into the Direct Disclosure of Software Vulnerabilities

dc.contributor.author	Ruohonen Jukka
dc.contributor.author	Hyrynsalmi Sami
dc.contributor.author	Leppänen Ville
dc.contributor.organization	fi=ohjelmistotekniikka\|en=Software Engineering\|
dc.contributor.organization-code	1.2.246.10.2458963.20.71310837563
dc.contributor.organization-code	2610302
dc.converis.publication-id	44871605
dc.converis.url	https://research.utu.fi/converis/portal/Publication/44871605
dc.date.accessioned	2022-10-28T12:46:00Z
dc.date.available	2022-10-28T12:46:00Z
dc.description.abstract	<p>Software vulnerabilities are security-related software bugs. Direct disclosure refers to a practice that is widely used for communicating the confidential information about vulnerabilities between two parties, vulnerability discoverers and software producers. Building on software vulnerability life cycle analysis, this empirical paper observes the qualitative and quantitative characteristics of direct disclosure practices, focusing particularly on the historical problem related to producers’ reluctance to participate in the practices. According to the results, the problem was still present in the 2000s and early 2010s—and likely is still present today. By presenting this empirical result about the under researched phenomenon of direct disclosure of software vulnerabilities, the paper contributes to the research domain of vulnerability life cycle modeling in general and the subdomain of empirical vulnerability disclosure research in particular.<br></p>
dc.format.pagerange	161
dc.format.pagerange	173
dc.identifier.eissn	1873-7692
dc.identifier.jour-issn	0747-5632
dc.identifier.olddbid	178805
dc.identifier.oldhandle	10024/161899
dc.identifier.uri	https://www.utupub.fi/handle/11111/36359
dc.identifier.urn	URN:NBN:fi-fe2021042826005
dc.language.iso	en
dc.okm.affiliatedauthor	Ruohonen, Jukka
dc.okm.affiliatedauthor	Hyrynsalmi, Sami
dc.okm.affiliatedauthor	Leppänen, Ville
dc.okm.discipline	113 Computer and information sciences	en_GB
dc.okm.discipline	113 Tietojenkäsittely ja informaatiotieteet	fi_FI
dc.okm.internationalcopublication	not an international co-publication
dc.okm.internationality	International publication
dc.okm.type	A1 ScientificArticle
dc.publisher	Elsevier
dc.publisher.country	United Kingdom	en_GB
dc.publisher.country	Britannia	fi_FI
dc.publisher.country-code	GB
dc.relation.doi	10.1016/j.chb.2019.09.028
dc.relation.ispartofjournal	Computers in Human Behavior
dc.relation.volume	103
dc.source.identifier	https://www.utupub.fi/handle/10024/161899
dc.title	A Mixed Methods Probe into the Direct Disclosure of Software Vulnerabilities
dc.year.issued	2020

Tiedostot

Näytetään 1 - 1 / 1

Name:: vulndirectdisc.pdf
Size:: 825.62 KB
Format:: Adobe Portable Document Format
Description:: Final draft

Lataa

Kokoelmat

Rinnakkaistallenteet