On the Flow of Software Security Advisories
Published in: | IEEE eTransactions on network and service management Vol. 18; no. 2; pp. 1305 - 1320 |
---|---|
Format: | Journal Article |
Language: | English |
Published: | New York: IEEE (The Institute of Electrical and Electronics Engineers, Inc.), 01-06-2021 |
Summary: | In this paper, we report results on a large scale measurement campaign to collect temporal information about events associated with software vulnerabilities. The data is curated so as to extract dates from each of the analyzed security advisories. The resulting time series are our object of study. From our measurements we were able to identify which role was assumed by different platforms (such as websites and forums) in the security landscape, including sources and aggregators of information about vulnerabilities. Then, we propose an analytical model to express the flow of information through security advisories across multiple platforms. The model is based on a queueing network, where each platform corresponds to a queue which adds a delay in the information propagation. Such delays, in turn, have an impact on the visibility of the information at different platforms. Leveraging the proposed model and the collected data, we assess how different system parameters, such as the delays incurred by each platform to propagate its messages, impact the overall flow of information across platforms. |
ISSN: | 1932-4537 |
DOI: | 10.1109/TNSM.2021.3078727 |