The Secret Life of CVEs
By: Piotr Przymus, Mikołaj Fejzer, Jakub Narębski and more
Potential Business Impact:
Finds ways to fix computer security problems faster.
The Common Vulnerabilities and Exposures (CVEs) system is a reference method for documenting publicly known information security weaknesses and exposures. This paper presents a study of the lifetime of CVEs in software projects and the risk factors affecting their existence. The study uses survival analysis to examine how features of programming languages, projects, and CVEs themselves impact the lifetime of CVEs. We suggest avenues for future research to investigate the effect of various factors on the resolution of vulnerabilities.
Similar Papers
Out of Sight, Still at Risk: The Lifecycle of Transitive Vulnerabilities in Maven
Software Engineering
Finds hidden computer program dangers faster.
CVE Breadcrumbs: Tracking Vulnerabilities Through Versioned Apache Libraries
Cryptography and Security
Finds and fixes hidden computer program flaws faster.
The Ripple Effect of Vulnerabilities in Maven Central: Prevalence, Propagation, and Mitigation Challenges
Software Engineering
Fixes hidden computer code problems in apps.