 |
|
|||
| Authors: | Stefan Frei, Martin May, Ulrich Fiedler, Bernhard Plattner |
| Group: | Communication Systems |
| Type: | Inproceedings |
| Title: | Large-Scale Vulnerability Analysis |
| Year: | 2006 |
| Month: | September |
| Pub-Key: | FMFP06 |
| Book Titel: | ACM Sigcomm Workshop on Large-Scale Attack Defense |
| Keywords: | network security, vulnerability, risk management |
| Publisher: | Sigcomm |
| Abstract: | The security level of networks and systems is determined by the software vulnerabilities of its elements. Defending against large scale attacks requires a quantitative understanding of the vulnerability lifecycle. Specifically, one has to understand how exploitation and remediation of vulnerabilities, as well as the distribution of information thereof is handled by industry. In this paper, we examine how vulnerabilities are handled in large-scale, analyzing more than 80,000 security advisories published since 1995. Based on this information, we quantify the performance of the security industry as a whole. We discover trends and discuss their implications. We quantify the gap between exploit and patch availability and provide an analytical representation of our data which lays the foundation for further analysis and risk management. |
| Location: | Pisa, Italy |
| Resources: | [BibTeX] [Paper as PDF] |
