The availability of source code in relation to timely response to security vulnerabilities

Title: The availability of source code in relation to timely response to security vulnerabilities
Publication Type: Journal Article
Year of Publication: 2003
Authors: Reinke, J, Saiedian, H
Secondary Title: Computers & Security
Volume: 22
Number: 8
Pagination: 707 - 724
ISSN Number: 0167-4048
Keywords: bugtraq, cert, email, email archives, mailing list, security, vulnerability
Abstract

Once a vulnerability has been found in an application or service that runs on a computer connected to the Internet, fixing that exploit in a timely fashion is of the utmost importance. There are two parts to fixing a vulnerability: a party acting on behalf of the application's vendor gives instructions to fix it or makes a patch available that can be downloaded; then someone using that information fixes the computer or application in question. This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available, since this can minimize the amount of time that the computer system remains vulnerable.

Notes

"This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available"
"The sources considered are the BugTraq mailing list (available at SecurityFocus.com), the CERT Coordination Center (www.cert.org), and Incidents.org (from the SANS Institute)"
Note that these lists are generic topical discussion lists and not the mailing lists OF a particular open source project.

URL: http://www.sciencedirect.com/science/article/B6V8G-4B9CV31-C/2/a218fccfaef185af5c122f118b252703
DOI: 10.1016/S0167-4048(03)00011-7