Title :
An empirical study of security problem reports in Linux distributions
Author :
Anbalagan, Prasanth ; Vouk, Mladen
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC, USA
Abstract :
Existing studies on problem reports in open source projects focus primarily on the analysis of the general category of problem reports, or limit their attention to observations on the number of security problem reports. To evaluate the security of a project, it is necessary to know not only how many security problem reports are logged but also how many are reported and how promptly they are corrected etc. In this paper, we study publicly disclosed security problem reports from eight releases of Fedora, nine releases of Ubuntu, four releases of RedHat Enterprise Linux (RHEL) and two releases of Suse Linux distributions, analyse and discuss which type of problem reports and how frequently they are reported, and how promptly they are corrected. Overall, Fedora and Suse show good results with high and medium severity security problem reports resolved without a backlog. On the other hand, RHEL and Ubuntu show less positive results with presence of backlogs.
Keywords :
Linux; public domain software; security of data; statistical distributions; Fedora; RHEL; RedHat Enterprise Linux; Suse Linux distribution; Ubuntu; open source project; security problem report; Computer science; Computer security; Data security; Databases; Information security; Linux; National security; Software engineering; Software measurement; Statistics;
Conference_Titel :
Empirical Software Engineering and Measurement, 2009. ESEM 2009. 3rd International Symposium on
Conference_Location :
Lake Buena Vista, FL
Print_ISBN :
978-1-4244-4842-5
Electronic_ISBN :
1938-6451
DOI :
10.1109/ESEM.2009.5315985
