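% Reinke and Saiedian (2003): compares proprietary and non-proprietary software
% by how quickly a security fix is made available after a vulnerability is found.
% The `note` field is annotator commentary: two quotations from the paper followed
% by a remark on the nature of the data sources (generic discussion lists, not
% project-specific mailing lists).
@article{Reinke2003707,
  author   = {Reinke, John and Saiedian, Hossein},
  title    = {The availability of source code in relation to timely response to security vulnerabilities},
  journal  = {Computers \& Security},
  volume   = {22},
  number   = {8},
  pages    = {707--724},
  year     = {2003},
  issn     = {0167-4048},
  doi      = {10.1016/S0167-4048(03)00011-7},
  url      = {http://www.sciencedirect.com/science/article/B6V8G-4B9CV31-C/2/a218fccfaef185af5c122f118b252703},
  keywords = {bugtraq, cert, email, email archives, mailing list, security, vulnerability},
  abstract = {Once a vulnerability has been found in an application or service that runs on a computer connected to the Internet, fixing that exploit in a timely fashion is of the utmost importance. There are two parts to fixing vulnerability: a party acting on behalf of the application{\textquoteright}s vendor gives instructions to fix it or makes a patch available that can be downloaded; then someone using that information fixes the computer or application in question. This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available, since this can minimize the amount of time that the computer system remains vulnerable.},
  note     = {``This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available'' ``The sources considered are the BugTraq mailing list (available at SecurityFocus.com), the CERT Coordination Center (www.cert.org), and Incidents.org (from the SANS Institute)'' Note that these lists are generic topical discussion lists and not the mailing lists OF a particular open source project.},
}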