Sciweavers

ICST
2009
IEEE

Seasonal Variation in the Vulnerability Discovery Process

14 years 7 months ago
Seasonal Variation in the Vulnerability Discovery Process
Vulnerability discovery rates need to be taken into account for evaluating security risks. Accurate projection of these rates is required to estimate the effort needed to develop patches for handling vulnerabilities discovered. Seasonal behaviors of the vulnerability discovery process for a multi-year life-cycle of software products are examined. A careful inspection of the data for several major operating systems, web servers and web browsers suggests presence of a seasonal behavior that is not considered by the vulnerability discovery models. This paper examines the statistical significance of the annual seasonal pattern in the vulnerability discovery rates using the seasonal index approach. The autocorrelation function is used to identify the periodicity. A time series analysis that combines the longer term trends with cycles caused by seasonality may predict the future pattern more accurately. The analysis of the datasets for eight major operating systems and four web related soft...
HyunChul Joh, Yashwant K. Malaiya
Added 24 May 2010
Updated 24 May 2010
Type Conference
Year 2009
Where ICST
Authors HyunChul Joh, Yashwant K. Malaiya
Comments (0)