Title :
Learning from experience: operating system vulnerability trends
Author :
Lee, Susan C. ; Davis, Lauren B.
Author_Institution :
Appl. Phys. Lab., Johns Hopkins Univ., MD, USA
Abstract :
Despite their failings, collections of vulnerability bulletins and incident reports still provide the best source for data that could give security engineering a quantitative basis. For this reason, we used vulnerability bulletins to extract statistics about the security of common products; specifically the diverse security characteristics of operating systems in the Windows, Unix, and Linux families. In many cases, the data that was available, rather than security engineering requirements, dictated which statistics we derived. Nevertheless, our findings provide interesting insights into how the various products differ and suggest which security mechanisms would most effectively protect different system designs.
Keywords :
Unix; operating systems (computers); security of data; software reliability; Linux; Unix; Windows; data security; incident reports; operating system vulnerability; statistics; system designs; vulnerability bulletins; Acoustical engineering; Data engineering; Data security; Design engineering; Information security; Information systems; Operating systems; Reliability engineering; Software testing; Statistics;
Journal_Title :
IT Professional
DOI :
10.1109/MITP.2003.1176486
