Title :
Seasonality in Vulnerability Discovery in Major Software Systems
Author :
Joh, HyunChul ; Malaiya, Yashwant K.
Author_Institution :
Comput. Sci. Dept., Colorado State Univ., Fort Collins, CO
Abstract :
Prediction of vulnerability discovery rates can be used to assess security risks and to determine the resources needed to develop patches quickly to handle vulnerabilities discovered. An examination of the vulnerability data suggests a seasonal behavior that has not been modeled by the recently proposed vulnerability discovery models. This seasonality has not been identified or examined so far. This study examines whether vulnerability discovery rates for Windows NT, IIS Server and the Internet Explorer exhibit a significant annual seasonal pattern. Actual data has been analyzed using seasonal index and auto correlation function approaches to identify seasonality and to evaluate its statistical significance. The results for the three software systems show that there is indeed a significant annual seasonal pattern.
Keywords :
data mining; risk management; security of data; software engineering; IIS Server; Internet Explorer; Windows NT; autocorrelation function; security risks assessment; software systems; vulnerability discovery; Autocorrelation; Computer science; Computer security; Open source software; Reliability engineering; Software reliability; Software systems; Time measurement; Web and internet services; Web server; Seasonality; Security; Vulnerability Discovery;
Conference_Titel :
Software Reliability Engineering, 2008. ISSRE 2008. 19th International Symposium on
Conference_Location :
Seattle, WA
Print_ISBN :
978-0-7695-3405-3
Electronic_ISBN :
1071-9458
DOI :
10.1109/ISSRE.2008.31
