The availability of source code in relation to timely response to security vulnerabilities | IFIP Working Group 2.13

The availability of source code in relation to timely response to security vulnerabilities

Submitted by msquire on Fri, 2011-04-22 08:48

Title	The availability of source code in relation to timely response to security vulnerabilities
Publication Type	Journal Article
Year of Publication	2003
Authors	Reinke, John, and Saiedian Hossein
Secondary Title	Computers & Security
Volume	22
Number	8
Pagination	707 - 724
ISSN Number	0167-4048
Keywords	bugtraq, cert, email, email archives, mailing list, security, vulnerability
Abstract	Once a vulnerability has been found in an application or service that runs on a computer connected to the Internet, fixing that exploit in a timely fashion is of the utmost importance. There are two parts to fixing vulnerability: a party acting on behalf of the application's vendor gives instructions to fix it or makes a patch available that can be downloaded; then someone using that information fixes the computer or application in question. This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available, since this can minimize the amount of time that the computer system remains vulnerable.
Notes	"This paper considers the effects of proprietary software versus non-proprietary software in determining the speed with which a security fix is made available" "The sources considered are the BugTraq mailing list (available at SecurityFocus.com), the CERT Coordination Center (www.cert.org), and Incidents.org (from the SANS Institute)" Note that these lists are generic topical discussion lists and not the mailing lists OF a particular open source project.
URL	http://www.sciencedirect.com/science/article/B6V8G-4B9CV31-C/2/a218fccfaef185af5c122f118b252703
DOI	DOI: 10.1016/S0167-4048(03)00011-7