Sciweavers

ESEM
2009
ACM

An empirical study of security problem reports in Linux distributions

14 years 3 months ago
An empirical study of security problem reports in Linux distributions
Existing studies on problem reports in open source projects focus primarily on the analysis of the general category of problem reports, or limit their attention to observations on the number of security problem reports. To evaluate the security of a project, it is necessary to know not only how many security problem reports are logged but also how many are exploited in the field, which problem reports and how quickly they are corrected etc. In this paper, we study publicly disclosed security problem reports from eight releases of Fedora, nine releases of Ubuntu, four releases of RedHat Enterprise Linux (RHEL) and two releases of Suse Linux distributions, analyse and discuss which type of problem reports and how frequently they are reported, and how promptly they are corrected. Overall, Fedora and Suse show good results with high and medium severity security problem reports resolved without a backlog. On the other hand, RHEL and Ubuntu show less positive results with presence of backl...
Prasanth Anbalagan, Mladen A. Vouk
Added 04 Sep 2010
Updated 04 Sep 2010
Type Conference
Year 2009
Where ESEM
Authors Prasanth Anbalagan, Mladen A. Vouk
Comments (0)