Tampere University of Technology

TUTCRIS Research Portal

Software vulnerability life cycles and the age of software products: An empirical assertion with operating system products

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

Details

Original language: English
Title of host publication: Advanced Information Systems Engineering Workshops - CAiSE 2016 International Workshops, Proceedings
Publisher: Springer Verlag
Pages: 207-218
Number of pages: 12
ISBN (Print): 9783319395630
Publication status: Published - 2016
Externally published: Yes
Publication type: A4 Article in a conference publication
Event: 28th Conference on Advanced Information Systems Engineering, CAiSE 2016 held in conjunction with ASDENCA, BumDISE, COGNISE, EnBIS, EM, WISSE 2016 - Ljubljana, Slovenia
Duration: 13 Jun 2016 to 17 Jun 2016

Publication series

Name: Lecture Notes in Business Information Processing
Volume: 249
ISSN (Print): 18651348

Conference

Conference: 28th Conference on Advanced Information Systems Engineering, CAiSE 2016 held in conjunction with ASDENCA, BumDISE, COGNISE, EnBIS, EM, WISSE 2016
Country: Slovenia
City: Ljubljana
Period: 13/06/16 to 17/06/16

Abstract

This empirical paper examines whether the age of software products can explain the turnaround between the release of security advisories and the publication of vulnerability information. Building on the theoretical rationale of vulnerability life cycle modeling, this assertion is examined with an empirical sample that covers operating system releases from Microsoft and two Linux vendors. Estimation is carried out with a linear regression model. The results indicate that the age of the observed Microsoft products does not affect the turnaround times, and only feeble statistical relationships are present for the examined Linux releases. With this negative result, the paper contributes to the vulnerability life cycle modeling research by presenting and rejecting one theoretically motivated and previously unexplored question. The rejection is also a positive result; there is no reason for users to fear that the turnaround times would significantly lengthen as operating system releases age.