Abstract:
Attempts to discover how attackers' behavior changes as software vulnerability and patches are disclosed. The more disclosed the vulnerability of a software is, the more likely that software is security attacks. If a software is secretly vulnerability, there are few attacks; if the software is patched, there are more attacks; and if the vulnerability is fully disclosed, there are even more attacks. Also, distribution of patches helps teach attackers the flaws of the software. However, if an already-known vulnerability is patched, then there is an initial decrease in attacks, though the number of attacks gradually increases over time.
Author:
Ashish Arora, Anand Nandkumar and Rahul Telang.
Institution:
Carnegie Mellon University
Industry Focus:
Information & Telecommunication
Internet & Cyberspace