TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Modeling the Delivery of Security Advisories and CVEs

Tutkimustuotosvertaisarvioitu

Standard

Modeling the Delivery of Security Advisories and CVEs. / Ruohonen, Jukka; Hyrynsalmi, Sami; Leppänen, Ville.

julkaisussa: Computer Science and Information Systems, Vuosikerta 14, Nro 2, 06.2017, s. 537-555.

Tutkimustuotosvertaisarvioitu

Harvard

Ruohonen, J, Hyrynsalmi, S & Leppänen, V 2017, 'Modeling the Delivery of Security Advisories and CVEs', Computer Science and Information Systems, Vuosikerta. 14, Nro 2, Sivut 537-555. https://doi.org/10.2298/CSIS161010010R

APA

Ruohonen, J., Hyrynsalmi, S., & Leppänen, V. (2017). Modeling the Delivery of Security Advisories and CVEs. Computer Science and Information Systems, 14(2), 537-555. https://doi.org/10.2298/CSIS161010010R

Vancouver

Ruohonen J, Hyrynsalmi S, Leppänen V. Modeling the Delivery of Security Advisories and CVEs. Computer Science and Information Systems. 2017 kesä;14(2):537-555. https://doi.org/10.2298/CSIS161010010R

Author

Ruohonen, Jukka ; Hyrynsalmi, Sami ; Leppänen, Ville. / Modeling the Delivery of Security Advisories and CVEs. Julkaisussa: Computer Science and Information Systems. 2017 ; Vuosikerta 14, Nro 2. Sivut 537-555.

Bibtex - Lataa

@article{9d9582e3e28e4015aaa5520b72516538,
title = "Modeling the Delivery of Security Advisories and CVEs",
abstract = "This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.",
author = "Jukka Ruohonen and Sami Hyrynsalmi and Ville Lepp{\"a}nen",
year = "2017",
month = "6",
doi = "10.2298/CSIS161010010R",
language = "English",
volume = "14",
pages = "537--555",
journal = "Computer Science and Information Systems",
issn = "1820-0214",
publisher = "ComSIS Consortium",
number = "2",

}

RIS (suitable for import to EndNote) - Lataa

TY - JOUR

T1 - Modeling the Delivery of Security Advisories and CVEs

AU - Ruohonen, Jukka

AU - Hyrynsalmi, Sami

AU - Leppänen, Ville

PY - 2017/6

Y1 - 2017/6

N2 - This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.

AB - This empirical paper models three structural factors that are hypothesized to affect the turnaround times between the publication of security advisories and Common Vulnerabilities and Exposures (CVEs). The three structural factors are: (i) software product age at the time of advisory release; (ii) severity of vulnerabilities coordinated; and (iii) amounts of CVEs referenced in advisories. Although all three factors are observed to provide only limited information for statistically predicting the turnaround times in a dataset comprised of Microsoft, openSUSE, and Ubuntu operating system products, the paper outlines new research directions for better understanding the current problems related to vulnerability coordination.

U2 - 10.2298/CSIS161010010R

DO - 10.2298/CSIS161010010R

M3 - Article

VL - 14

SP - 537

EP - 555

JO - Computer Science and Information Systems

JF - Computer Science and Information Systems

SN - 1820-0214

IS - 2

ER -