Search GSSD

Does information security attack frequency increase with vulnerability disclosure? An empirical analysis

Abstract: 
Attempts to discover how attackers' behavior changes as software vulnerability and patches are disclosed. The more disclosed the vulnerability of a software is, the more likely that software is security attacks. If a software is secretly vulnerability, there are few attacks; if the software is patched, there are more attacks; and if the vulnerability is fully disclosed, there are even more attacks. Also, distribution of patches helps teach attackers the flaws of the software. However, if an already-known vulnerability is patched, then there is an initial decrease in attacks, though the number of attacks gradually increases over time.
Author: 
Ashish Arora, Anand Nandkumar and Rahul Telang.
Institution: 
Carnegie Mellon University
Year: 
2006
Domains-Issue Area: 
Region(s): 
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Datatype(s): 
Bibliographies & Reports